From: James Gray
Date: Wed Oct 06 2010 - 01:13:25 GMT

On 06/10/2010, at 9:37 AM, Noel Butler wrote:

> On Tue, 2010-10-05 at 23:46 +0200, mouss wrote:
>> On 04/10/2010 23:03, Terry Gilsenan wrote:
>>> Configure postfix to use SPF, and set up an SPF record in DNS for that domain.
>> then what? you reject mail because of spf fail? that would lead to false positives...
> We've used it for years, had very few complaints, maybe half a dozen in all that time.
> SPF is a "must use" IMHO, and by use of "-all" ... providing you configure your DNS correctly.

...and then a user puts in a .forward file (or equivalent) to send mail to another address. Now SPF is broken on the forwarded account as your mail server very likely doesn't have an SPF record for the original sender. Ooops - SPF is broken in these situations and therefore can't be used to arbitrarily reject messages on SPF failures. The best it can do is be added as a heuristic to an overall message evaluation (spamassassin et al).