Re: [exim] Compile time problems

Top Page
Delete this message
Reply to this message
Author: Ian Eiloart
Date:  
To: David Woodhouse
CC: David Saez Padros, exim-users, Doug Jolley
Subject: Re: [exim] Compile time problems


--On 3 April 2006 13:22:16 +0100 David Woodhouse <dwmw2@???>
wrote:

> On Mon, 2006-04-03 at 13:14 +0100, Ian Eiloart wrote:
>> True, but I'd hope that those institutions have proper controls. In our
>> case we'd be able to track a student abusing the network, and we're very
>> soon going to firewall all but our official servers, so that they can't
>> send mail out on port 25.
>
> By those arguments it would be acceptable just to whitelist all mail
> from hosts where the reverse DNS matches *.ac.uk (assuming the forward
> DNS confirms it, of course).


Well, I suppose that's the logical conclusion. So, why do I want to use SPF
records? I guess it's because I know that *our* entire IP range isn't
entirely trustworthy-though spam leakage is rare. The SPF mechanism allows
me to say which of my servers are trustworthy.

Also, the presence of SPF records is evidence that an institution has
thought about which IP addresses are trustworthy.

> Just depends how permissive you want your whitelist to be, I suppose.


Yep. In fact, I'd probably want to list specific domains to trust, and that
list might not include all .ac.uk domains.

>
> --
> dwmw2




--
Ian Eiloart
IT Services, University of Sussex