Re: [exim] Default enabling of dnsdb

Top Page
Delete this message
Reply to this message
Author: Ian Eiloart
Date:  
To: Jethro R Binks, exim-users
Subject: Re: [exim] Default enabling of dnsdb


--On 6 May 2009 09:53:42 +0100 Jethro R Binks <jethro.binks@???>
wrote:

> On Wed, 6 May 2009, Mike Cardwell wrote:
>
>> Quite a lot of domains have an SPF record of "v=spf1 -all". I never
>> found out *why* this is the case, but it is.
>>
>> That particular SPF record is a clear policy of "This domain DOES NOT
>> send mail," so you don't have to worry about email forwarding or any of
>> the other issues with SPF.
>>
>> You can use that quoted rule at any point after and including
>> "acl_smtp_mail" to reject email with domains in the sender envelope,
>> containing that SPF record.
>
> I might be being slow today ... why as late as acl_smtp_mail? Can it not
> be used in the rcpt acl?


Yes, and it should be. However, acl_smtp_mail is inspected at "MAIL FROM"
before the rcpt acl. Of course, you should wait until RCPT because the RCPT
might be postmaster, and the sender domain might be a genuine error.

> Jethro.
>
> . . . . . . . . . . . . . . . . . . . . . . . . .
> Jethro R Binks
> Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK




--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/