Thank you very much Peter, and everyone who have contributed valuable insite
on howto stop spam.
Peter Bowyer-2 wrote:
>
> On 17/09/2007, Elijah Daniel <databug@???> wrote:
>>
>> I've been searching the web on howto block domain with this SPF entry
>> "v=spf1
>> +all" on exim4 on debian but couldn't find howto do it. We are using
>> Exim4
>> on debian with spamassin installed.
>>
>> On SpamAssassin we have this rules
>>
>> header RCVD_SPF_PASS Received-SPF =~ /pass .+mydomain.com.: domain of/i
>> describe RCVD_SPF_PASS SPF check for sender passed
>> score RCVD_SPF_PASS -3
>> score SPF_HELO_FAIL 2
>>
>> So Spamassassin will give score -3 on those mails with spf entry. I'm
>> thinking of blocking the site on exim level, if exim could be setup to
>> refuse to talk smtp server with that spf entry.
>>
>
> Better rethink your use of SPF. The simple fact of an SPF PASS,
> whether or not the domain publishes +all, doesn't indicate anything
> about the spamminess of a message. All it does is confirm that the
> message came from the domain it claims to have come from.
>
> What's missing is your (or someone you trust's) opinion or experience
> about that domain. Use your own whitelists ("I trust mail from
> domain1.com so an SPF PASS from that domain means 'ham') and
> blacklists ("I know domain2.com are spammers, so an SPF PASS from that
> domain means 'spam').
>
> You could also look at third-party reputation services such as
> karmasphere.com which can be integrated into Exim as DNSBLs.
>
> Peter
>
> --
> Peter Bowyer
> Email: peter@???
>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
>
--
View this message in context:
http://www.nabble.com/block-domain-SPF-with-v%3Dspf1-%2Ball-tf4464511.html#a12787551
Sent from the Exim Users mailing list archive at Nabble.com.