Re: [exim] Exim4 + greylistd + spf

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Chris Blaise
Date:  
À: exim-users
Sujet: Re: [exim] Exim4 + greylistd + spf
> >     What's "hardcore" about rejecting mail from addresses
> that are in
> > violation of published SPF records?
>
> The interesting question about any individual piece of mail
> is, ``does the addressee want to receive it?'', not,
> ``through which server/s has it passed, and are they
> controlled by the owners of the sending domain?''. SPF may
> tell you the answer to the second question, in some cases;
> this may give you evidence about the answer to the first, but
> you certainly can't in general determine the answer to the
> first question from the answer to the second!


    By that definition, nothing generally satisfies the first question
except for the addressee accepting all mail and making the determination for
themselves.  I guess that makes administration much easier; no need for spam
or malware analysis!


    I maintain that if an administrator for a domain has taken the time
and effort to publish SPF records for the servers authorized to deliver mail
as their domain, then it's perfectly legitimate to reject mail from
non-authorized servers.  


    Certainly there are situations where it's not possible to reject at
SMTP based on the sender's IP address (ie., you ETRN/fetchmail from another
server), but for fully connected sites, I don't see a problem rejecting
messages from violating servers.


    I don't see it as any more "hardcore" than if someone were to
complain that they couldn't receive messages I tried to send them because
they had their MX records pointing to incorrect servers.


Chris