FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS
Reload this Page Reject Action For SPF

 
 
LinkBack Thread Tools
 
Old 05-03-2012, 04:30 PM
"Prabhpal S. Mavi"
 
Default Reject Action For SPF
Dear Friends,

i have setup SPF alright, postfix is performing check as well (results
below), but even if there is no SPF record exist for a domain, message is
still accepted.

how can i set the reject action, if no SPF available.

May 3 16:11:14 titan postfix/policy-spf[5353]: : SPF none (No applicable
sender policy available): Envelope-from: somedomain.com

Prabh S. Mavi



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-03-2012, 04:34 PM
Peter Eckel
 
Default Reject Action For SPF
Hi Prabh,

> i have setup SPF alright, postfix is performing check as well (results
> below), but even if there is no SPF record exist for a domain, message is
> still accepted.
>
> how can i set the reject action, if no SPF available.

are you sure you want to do this? It will definitely result in lots of legitimate mail being blocked, because SPF is by no means ubiquitous.

You can set up your mail server to block mail if the SPF record suggests it, but I would never filter mail originating from domains having no SPF record at all.

Best regards,

Peter.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-03-2012, 04:40 PM
"Prabhpal S. Mavi"
 
Default Reject Action For SPF
> are you sure you want to do this? It will definitely result in lots of
> legitimate mail being blocked, because SPF is by no means ubiquitous.
>
> You can set up your mail server to block mail if the SPF record suggests
> it, but I would never filter mail originating from domains having no SPF
> record at all.
>
> Best regards,
>
> Peter.

Dear Peter,

Thanks for your response. it is true what you are saying. but we want to
set that way.


Prabh S. Mavi



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-03-2012, 05:07 PM
John Hinton
 
Default Reject Action For SPF
On 5/3/2012 12:40 PM, Prabhpal S. Mavi wrote:
>> are you sure you want to do this? It will definitely result in lots of
>> legitimate mail being blocked, because SPF is by no means ubiquitous.
>>
>> You can set up your mail server to block mail if the SPF record suggests
>> it, but I would never filter mail originating from domains having no SPF
>> record at all.
>>
>> Best regards,
>>
>> Peter.
> Dear Peter,
>
> Thanks for your response. it is true what you are saying. but we want to
> set that way.
>
>
> Prabh S. Mavi
>
>
A couple of notes.

1. SPF was not designed to be used this way. It is doubtful that anyone
has written anything that even remotely considered this option in use.
You will likely have to write it yourself.

2. SPF is still in RFC testing, so it is not yet a full internet
standard. And once it is, the standard still does not condone using it
the way you intend. IOW, there is nothing in the standard that states
you must have a SPF record to be a legit email domain. Basically, you'll
have a broken mailserver. We are actually stuck with having to take ours
off for the moment as one 'service' we use demands sending email from
their mailservers using our email address and they still have no SPF record.

If you do this, most likely you will not get around 90% of the good
email as SPF is not widely used as of yet. But I guess if you are only
interested in receiving email from a few 'known' domains... it could
work. Seems it would be easier to just blacklist all and whitelist the
few? If it is just for internal... perhaps a webmail system with no
outside email ability would be the way to go?

--
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-03-2012, 05:16 PM
"Prabhpal S. Mavi"
 
Default Reject Action For SPF
> 1. SPF was not designed to be used this way. It is doubtful that anyone
> has written anything that even remotely considered this option in use.
> You will likely have to write it yourself.
>
> 2. SPF is still in RFC testing, so it is not yet a full internet
> standard. And once it is, the standard still does not condone using it
> the way you intend. IOW, there is nothing in the standard that states
> you must have a SPF record to be a legit email domain. Basically, you'll
> have a broken mailserver. We are actually stuck with having to take ours
> off for the moment as one 'service' we use demands sending email from
> their mailservers using our email address and they still have no SPF
> record.
>
> If you do this, most likely you will not get around 90% of the good
> email as SPF is not widely used as of yet. But I guess if you are only
> interested in receiving email from a few 'known' domains... it could
> work. Seems it would be easier to just blacklist all and whitelist the
> few? If it is just for internal... perhaps a webmail system with no
> outside email ability would be the way to go?

Dear Hilton. J

Thanks for your advice, i actually know this. what would you say about
those who put there efforts to implement SPF. why they do it?

Thanks / Regards
Prabh S. Mavi



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-03-2012, 05:16 PM
"Prabhpal S. Mavi"
 
Default Reject Action For SPF
> 1. SPF was not designed to be used this way. It is doubtful that anyone
> has written anything that even remotely considered this option in use.
> You will likely have to write it yourself.
>
> 2. SPF is still in RFC testing, so it is not yet a full internet
> standard. And once it is, the standard still does not condone using it
> the way you intend. IOW, there is nothing in the standard that states
> you must have a SPF record to be a legit email domain. Basically, you'll
> have a broken mailserver. We are actually stuck with having to take ours
> off for the moment as one 'service' we use demands sending email from
> their mailservers using our email address and they still have no SPF
> record.
>
> If you do this, most likely you will not get around 90% of the good
> email as SPF is not widely used as of yet. But I guess if you are only
> interested in receiving email from a few 'known' domains... it could
> work. Seems it would be easier to just blacklist all and whitelist the
> few? If it is just for internal... perhaps a webmail system with no
> outside email ability would be the way to go?

Dear Hilton. J

Thanks for your advice, i actually know this. what would you say about
those who put there efforts to implement SPF. why they do it?

Thanks / Regards
Prabh S. Mavi



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 08:00 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org

Contact Us - Linux Archive - Archive - Top -