On 27/12/06, Ian Eiloart <[EMAIL PROTECTED]> wrote: > > > --On 27 December 2006 10:25:20 +0100 Renaud Allard <[EMAIL PROTECTED]> > wrote: > > > > > > > Craig Whitmore wrote: > >>>> I would like to increase a spam defense of our server by checking if a > >>>> sender really represents an MX server of his/her organization. So if a > >>>> certain PC is trying to send me an e-mail from [EMAIL PROTECTED] then we > >>>> will check if this person's IP address is within MX servers of > >>>> domain.com, otherwise we'll refuse to accept the mail. > >>>> > >>>> Is it feasible? How can I achieve this? > >>>> > >> > >> If a domain has set up SPF or SenderID records then you can use those so > >> make sure the emails are coming from the correct places. > >> > > > > > > Unfortunately, many sites who have implemented SPF have implemented them > > incorrectly. > > Here is a very good example: > > /var/log/exim4/rejectlog.13.gz:2006-12-14 15:51:53 H=host60.citrix.com > > (FTLPEXCHSMTP01.citrite.net) [66.165.176.60] > > F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: SPF > > check failed. > > > > If you strictly check SPF, you will reject good mails because many sites > > administrators just forget they have servers sending mails from web > > interfaces or in an automated way. > > Rejecting their emails should be an efficient way of concentrating their > minds on fixing the problem.
I couldn't agree more - if they've left something out of their SPF policy, they should fix it - and if they don't get any pain, they won't. Peter -- Peter Bowyer Email: [EMAIL PROTECTED] -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
