Damian Myerscough a écrit : > Hello all, > > I thought there was a way in Postfix to perform DNS lookups on the > senders domain. > > For example, if I send a forged mail from my machine to say my gmail > address then > if I look at the full headers I can see the actual IP address it was > sent from and it does > not resolve the the forged address. > > I thought google were actually using this method. >
maybe you want SPF (google for spf policy server). however: - not all domains have an SPF record. for example, yahoo, outblaze, ... don't have SPF records. - some domains have SPF records, but they "forget" to include all authorized sources. - if your users have forwarders, you need to whitelist these. ... Please note that debating whether spf is good or not is taboo here. different people have different opinions. use google to see what has been said, and decide what to do. if your problem is only related to few domains (hotmail, google, yahoo, ...) then see my previous post. but then again, care is needed because if yahoo sends from a hostname named ymail.com, you need to allow it. before taking this road, make sure you are using "common" anti-spam defences. once this is done, check how many spam slips, and if it is worth the pain to try other postfix checks. sometimes, a content filter is more appropriate.