Hi Team,
There's a particularly annoying ESP bugging us. Their clients always include a
reference to them in their SPF records, which look something like this:
text = "v=spf1 exists:%{i}._spf.xyz.com ~all"
So, if a message is dropped from 1.2.3.4
nslookup 1.2.3.4._spf.xyz.com
returns
Non-authoritative answer:
Name: 1.2.3.4._spf.xyz.com
Address: 1.2.3.4
if the IP is on the ESP's SPF list.
What I'd like to do is turn this into an RBL check, but
eval:check_rbl('Evil-ESP','_spf.xyz.com')
Is going to flip the IP address around.
Is there an easy way of doing this in SA, or is this a job for MimeDefang?
Thanks
Judy
