Lähettäjä: Ian Eiloart Päiväys: Vastaanottaja: David Woodhouse Kopio: David Saez Padros, exim-users, Doug Jolley Aihe: Re: [exim] Compile time problems
--On 3 April 2006 13:22:16 +0100 David Woodhouse <dwmw2@???>
wrote:
> On Mon, 2006-04-03 at 13:14 +0100, Ian Eiloart wrote:
>> True, but I'd hope that those institutions have proper controls. In our
>> case we'd be able to track a student abusing the network, and we're very
>> soon going to firewall all but our official servers, so that they can't
>> send mail out on port 25.
>
> By those arguments it would be acceptable just to whitelist all mail
> from hosts where the reverse DNS matches *.ac.uk (assuming the forward
> DNS confirms it, of course).
Well, I suppose that's the logical conclusion. So, why do I want to use SPF
records? I guess it's because I know that *our* entire IP range isn't
entirely trustworthy-though spam leakage is rare. The SPF mechanism allows
me to say which of my servers are trustworthy.
Also, the presence of SPF records is evidence that an institution has
thought about which IP addresses are trustworthy.
> Just depends how permissive you want your whitelist to be, I suppose.
Yep. In fact, I'd probably want to list specific domains to trust, and that
list might not include all .ac.uk domains.
>
> --
> dwmw2