Saturday, May 7, 2011, 4:34:03 PM, you wrote: > On 05/07/2011 01:13 PM, Dennis Carr wrote: >> Over the past couple days I'm noticing mail coming in from outside that is >> supposedly from users of mine - but apparently isn't. HELO message comes >> from chez-vrolet.net which is in my $mynetworks setting, but the IP >> address for the incoming machine does not match DNS. >> >> What adjustment in main.cf should I look at? On the surface, >> permit_mynetworks in strategic locations can be eliminated, but last time >> I did that, I couldn't send mail from localhost. >> >> -Dennis >>
> $ dig +short chez-vrolet.net txt > "v=spf1 ip4:206.225.171.23 a mx ~all" > The merits of SPF aside, this is like, what it was designed for. Why > don't you check your own record? What does that prove? Depending upon your local policies: '~all' merits a possibility for a reject. '-all' merits a reject. I don't use SPF here. I assume the OP was looking for a way to reject HELO/EHLO from hosts making connections falsifying domains on the OP's server. There has already been posts on ways to reject such things. However, the OP has yet to provide logs demonstrating the issue at hand. -- Duane
