On Sat, Jan 26, 2013 at 5:18 AM, Raymond Norton <admin@???> wrote:
> What would be a safe condition to use SPF, without being too stringent?

Here is what I do on my mail servers. I put this pretty early in my
data acl, just before the virus scanning:

  # Perform spf check in data acl so there is a mailq id
  deny  message = SPF BLOCK Sender $sender_host_address is \
                  not allowed to send mail from $sender_address_domain ($header_from:): \
                  $spf_smtp_comment
        !authenticated = *
        hosts = !+relay_from_hosts
        sender_domains = lsearch;/email/exim/spf_neutral_reject_domains
        spf = fail : neutral

  deny  message = SPF BLOCK Sender $sender_host_address is \
                  not allowed to send mail from $sender_address_domain ($header_from:): \
                  $spf_smtp_comment
        !authenticated = *
        hosts = !+relay_from_hosts
        sender_domains = !lsearch;/email/exim/spf_exclude_domains
        spf = fail

  defer message = SPF DEFER to $spf_header_comment: $spf_smtp_comment
        !authenticated = *
        hosts = !+relay_from_hosts
        sender_domains = !lsearch;/email/exim/spf_exclude_domains
        spf = err_temp

  warn  hosts = !+relay_from_hosts
        !authenticated = *
        spf = pass
        log_message = SPF PASS ($spf_result) to $spf_header_comment
        add_header = X-Scanned-By: libspf2
        add_header = :at_start:$spf_received

  warn  hosts = !+relay_from_hosts
        !authenticated = *
        spf = softfail : neutral : err_perm
        log_message = SPF ALLOW ($spf_result) \
                      $sender_address_domain to $spf_header_comment
        add_header = X-Scanned-By: libspf2
        add_header = :at_start:$spf_received

If you have any questions about what it does, just ask. But if you
look at it and work from top to bottom, you should be able to see the
logic that it's using.
...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
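
Added example, not part of the original message and not Todd's code: a small Python model of the top-to-bottom flow of the ACL fragment above, useful for checking which SPF results end in a reject, a defer, or a tagged delivery before changing the lookup files. The function name `spf_acl` and the contents of the two domain sets are constructed; the sets stand in for the `spf_neutral_reject_domains` and `spf_exclude_domains` lsearch files.

```python
# Constructed stand-ins for the two lsearch files named in the ACL.
NEUTRAL_REJECT = {"bank.example"}     # spf_neutral_reject_domains
EXCLUDE = {"broken-spf.example"}      # spf_exclude_domains

def spf_acl(spf_result, sender_domain, authenticated=False, relay_host=False,
            neutral_reject=NEUTRAL_REJECT, exclude=EXCLUDE):
    """Return (verdict, actions) for one message, walking the statements in order."""
    actions = []
    # Every statement carries "!authenticated = *" and "hosts = !+relay_from_hosts",
    # so authenticated senders and relay hosts skip the whole fragment.
    if authenticated or relay_host:
        return "continue", actions
    d = sender_domain.lower()
    # deny 1: strict domains are rejected on fail OR neutral (no exclude check here)
    if d in neutral_reject and spf_result in ("fail", "neutral"):
        return "deny", actions
    # deny 2: any other domain is rejected on fail unless it is excluded
    if d not in exclude and spf_result == "fail":
        return "deny", actions
    # defer: temporary SPF lookup error, unless the domain is excluded
    if d not in exclude and spf_result == "err_temp":
        return "defer", actions
    # warn statements never end the ACL; they only log and add headers
    if spf_result == "pass":
        actions.append("log SPF PASS, add X-Scanned-By and $spf_received")
    if spf_result in ("softfail", "neutral", "err_perm"):
        actions.append("log SPF ALLOW, add X-Scanned-By and $spf_received")
    return "continue", actions        # falls through to the rest of the data ACL

if __name__ == "__main__":
    cases = [                         # constructed sample inputs
        ("neutral", "bank.example"),
        ("neutral", "other.example"),
        ("fail", "other.example"),
        ("fail", "broken-spf.example"),
        ("err_temp", "other.example"),
        ("none", "other.example"),
    ]
    for result, domain in cases:
        print(f"{result:8} {domain:20} -> {spf_acl(result, domain)}")
```

Two things the model makes visible: a domain listed in both files is still rejected on fail, because the first deny does not consult the exclude list, and an excluded domain that fails SPF is delivered with no log line or header, because neither warn statement matches `fail`.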