Author: Peter Bowyer Date: To: Exim, Users Subject: Re: [exim] Ultimate spam defense - check for the sender MX record
On 27/12/06, Ian Eiloart <iane@???> wrote: >
>
> --On 27 December 2006 10:25:20 +0100 Renaud Allard <renaud@???>
> wrote:
>
> >
> >
> > Craig Whitmore wrote:
> >>>> I would like to increase a spam defense of our server by checking if a
> >>>> sender really represents an MX server of his/her organization. So if a
> >>>> certain PC is trying to send me an e-mail from user@??? then we
> >>>> will check if this person's IP address is within MX servers of
> >>>> domain.com, otherwise we'll refuse to accept the mail.
> >>>>
> >>>> Is it feasible? How can I achieve this?
> >>>>
> >>
> >> If a domain has set up SPF or SenderID records then you can use those so
> >> make sure the emails are coming from the correct places.
> >>
> >
> >
> > Unfortunately, many sites who have implemented SPF have implemented them
> > incorrectly.
> > Here is a very good example:
> > /var/log/exim4/rejectlog.13.gz:2006-12-14 15:51:53 H=host60.citrix.com
> > (FTLPEXCHSMTP01.citrite.net) [66.165.176.60]
> > F=<citrix_license@???> rejected RCPT <sorryfor@obfuscation>: SPF
> > check failed.
> >
> > If you strictly check SPF, you will reject good mails because many sites
> > administrators just forget they have servers sending mails from web
> > interfaces or in an automated way.
>
> Rejecting their emails should be an efficient way of concentrating their
> minds on fixing the problem.
I couldn't agree more - if they've left something out of their SPF
policy, they should fix it - and if they don't get any pain, they
won't.
