Le 28/01/2012 17:51, Noel Jones a écrit :
On 1/28/2012 12:54 AM, Frank Bonnet wrote:
Hello
I need some clarifications on the verify_sender statement :
What I would like to do :
When our MX receive an email from [email protected] I would like
Postfix perform a DNS lookup to verify that the IP address of
the sender is really part of the domain "domain.tld" and if not
reject the email from [email protected] saying :
"Your email has been rejected because
your IP address is not in the domain "domain.tld" "
This would result in a high rate of false positives while having at
best a modest impact on spam -- most of the mail it would correctly
reject could also be safely rejected by a good dnsbl or other rules.
The reason SPF was invented is because there are too many hosted
email systems where the sender domain has no apparent connection to
the PTR of the legit originating server. Indeed, there is no
requirement nor "best practice" that the PTR of a mail server match
the domain being sent. Likewise, there is no requirement that a
sending server also be an MX receiver.
SPF, with all its warts, is the only reliable way to determine if a
host is authorized to send mail on behalf of some domain.
Even with SPF, it's generally unwise to reject all mail that fails;
rather use the failure in a scoring system such as SpamAssassin as
an indicator contributing to the final determination.
-- Noel Jones
OK I see ... but SPF is far to be configured everywhere it seems :-)
gonna see if spamassasin could help
Thanks for your clear answer
