postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: RE: ..::Spoofing Issues::..

RE: ..::Spoofing Issues::..

From: Alfonso Alejandro Reyes Jimenez <aareyes_at_nospam>
Date: Wed Oct 06 2010 - 15:09:13 GMT
To: "James Gray" <>, <>

Thanks for your help, we will check the solutions and let you know.

Have a great day.

Ing. Alfonso Alejandro Reyes Jiménez
          Analista del sector Gobierno
Telefono: 91 50 74 00 ext. 7489
Movil: (044) 55 52 98 34 82

La información contenida en el presente correo es confidencial y para uso exclusivo de la persona o institución a que se refiere. Si usted no es el receptor deliberado es ilegal cualquier distribución, divulgación, reproducción, completa o parcial, aprovechamiento, uso o cualquier otra acción relativa a ella. Por favor notifique al emisor e inmediatamente bórrela de forma permanente de cualquier computadora en la que resida y en caso de existir, destruya cualquier copia impresa.

-----Mensaje original-----
De: [] En nombre de James Gray
Enviado el: martes, 05 de octubre de 2010 09:34 p.m.
Asunto: Re: ..::Spoofing Issues::..

On 06/10/2010, at 12:17 PM, John Peach wrote:

> On Wed, 6 Oct 2010 12:13:25 +1100
> James Gray <> wrote:
>> On 06/10/2010, at 9:37 AM, Noel Butler wrote:
>>> On Tue, 2010-10-05 at 23:46 +0200, mouss wrote:
>>>> Le 04/10/2010 23:03, Terry Gilsenan a écrit :
>>>>> Configure postfix to use SPF, and setup an SPF record in DNS for that domain.
>>>> then what? you reject mail because of spf fail? that would lead to false positives...
>>> We've used it for years, had very little complaints, maybe half a dozen in all that time.
>>> SPF is a "must use" IMHO, and by use of "-all" ... providing you configure your DNS correctly.
>> ...and then a user puts in a .forward file (or equivalent) to send mail to another address. Now SPF if broken on the forwarded account as your mail server very likely doesn't have an SPF record for the original sender. Ooops - SPF is broken in these situations and therefore can't be used to arbitrarily reject messages on SPF failures. The best it can do is be added as a heuristic to an overall message evaluation (spamassassin et al).
> We neither publish nor use SPF records; broken by design.

Hi John,

Agreed - sorry about the wording in my previous. I didn't want it to sound like "your" mail system specifically. No offence intended.