Le 15/08/2011 17:29, Drizzt a écrit :
> Hi,
>
> I have a setup whereby we check for spoofing. That is, anyone using an
> envelope from in our domain is blocked. In a similar fashion we stop our
> own hosts from spoofing others.
>
> For reference:
> - external spoofing:
> check_sender_access: mysql /etc/postfix/mysql-spoofing.cf
> - internal spoofing
> check_client_access + check_sender_access (by use of custom restriction class)
>
> This works fine, and as I see it there is no reason why anyone should
> ever use spoofing (of a domain, not their own).
>
> However, as things go in business, we have the request that:
> - We must allow internal hosts to spoof (e.g. gmail)
this is a local policy issue. you can allow users to send with their
seleced MAIL FROm addresses. however, with SPF and "automatic spf", it
is not guaranteed that their email will be "acceptable" to recipient sites.
> - We must allow other parties to spoof us (marketing e-mails send out by
> bulk hosts)
hmmm. I've seen them "spoofing" the From header, but rarely the MAIL
>From (the envelope sender) address.
the "traditional" problem is with mail forwarding. but the "pressure" is
too high since some years that this is become a "not a problem"
("traditional" mail forwarding is dying if not already dead).
but anyway, do these restrictions really help you fight spam? if these
restrictions only block 1% o spam, which you can block otherwise, then
why keep them?
>
> In effect removing these restrictions (are introduce exceptions that
> open up complete network segments).
>
> Input from the marking company reads: It is common to do this. (My
> internal voice says: for spam hosts you mean).
>
> My question in short:
> Should I allow this? They can put in the header whatever they want as
> long as they leave the envelope sane.
>
>
>
