Wednesday 10 May 2006 16:48 skrev Chris Blaise:
> I have the spf check in my acl_smtp_mail acl. The problem is that
> the spf check only occurs if the sender uses HELO to set the domain. If
> they don't, the check will not happen. If I were trying to spoof and knew
> some sites wouldn't check helo, I wouldn't bother sending it!
But sending HELO or EHLO (with whatever arguments) is a requirement of RFC
2821. I don't think any legitimate mailers leave it out, so I think you could
dare rejecting those who do (exempting your own users of course).
--
Magnus Holmgren
holmgren@???
