On 08.07.24 11:42, natan via Postfix-users wrote:
What you propose use ?
Maybe instead of not accepting such mail will better is change score in SA ?
This is a policy issue. You can choose your policy to be rejecting mail with
spf=fail, both spf=fail and spf=softfail, or reject any mail where spf is
nof pass or DKIM is not valid as Google set since new year.
so far I have used sailsafe options to use SPF at SA level:
HELO_reject = False
Mail_From_reject = False
PermError_reject = False
TempError_Defer = True
but I'm switching to SPF enforcement:
HELO_reject = Null
Mail_From_reject = Fail
PermError_reject = True
TempError_Defer = True
Another option is to reject DMARC failures, in addition to SPF or as it's
replacement.
W dniu 8.07.2024 o 11:36, natan via Postfix-users pisze:
What value do you use in postfix-policyd-spf in PermError_reject ?
HELO_reject = Fail
Mail_From_reject = Fail
#update 20240706
#PermError_reject = False
PermError_reject = True
TempError_Defer = False
I don't know if that's maybe too restrictive PermError_reject
But on the other hand, the sender should have correctly configured
SPF for his domain
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
