Re: [exim] Before I add SPF checking :-)

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Peter Bowyer
日付:  
To: exim users
題目: Re: [exim] Before I add SPF checking :-)
2009/1/1 Frank DeChellis <frankd@???>:
>
> Hi there,
>
> I use Exim 4.67 on NetBSD.
>
> I have been reading about implementing libspf2 into my system but before I
> do :-) Have any of you ever installed SPF using this method:
>
> http://www.libspf2.org/patch/25_exim4-config_spf
>
> Any downfalls I should watch for?


That method uses a standalone daemon around libspf2 ('spfd'). Exim has
the ability to call libspf2 directly (as long as you compile it in) -
I would recommend you use the built-in mechanism. Check out
http://wiki.exim.org/SPF .

> Will it only do SPF checks on domains that have SPF records?


Good question. Using appropriate tests in your ACLs you can control
exactly what domains are tested and what action to take on what
outcomes. My setup uses SPF as a whitelist for an internal list of
'trusted' domains, and will never reject a message based on an SPF
result alone. Rejecting outright on SPF FAIL leaves you vulnerable to
SPF's 'breaks when mail is forwarded' limitation. As I'm sure someone
will point out shortly.

Peter


--
Peter Bowyer
Email: peter@???
Follow me on Twitter: twitter.com/peeebeee