Hi Philip, > Wouldn't it be a lot easier simply to reject those with SPF? If > you're seeing mail from one of your domains coming in from a host you > know couldn't have legitimately sent it, you can reject it outright.
That would block not just the spam, but also legitimate bypassing through forwarders and email lists (if they don't do VERP). I would prefer not to go there for something that could be solved with local information. > > If you don't want to use SPF, you could use a combination of a > check_client_access to whitelist your hosts followed by a > check_sender_access. > That's a neat work-around. It hinges on not having any checks or rejects after these ones, but for the sender_restrictions, that is currently true. >> One way to go could be to create a database of sender domains to >> validate, enter my own domains in it, and use "external" access to my >> own MTA and probing it. But that leads to cyclic probing! I suppose >> I am really looking for something simpler -- namely an invocation of >> the virtual(8) server for addresses on the said lists. > > Why bother validating the address? Because that is the vital piece of information that sets the attempts by spammers aside from proper behaviour. Because that gives a good source for detecting, with high degree of certainty, that a party is sending spam. > >> I don't see how I can do this with Postfix, and it's not even simple >> in a policy due to the cyclic risk. What are others doing in this >> respect? Thanks, for your input Phil! -Rick
