That's a problem all right. I don't expect that using the submission
port would fix that either. The spfbehavior file should be separate for
the submission port to make that happen.
Ultimately, SPF should not be enforced for authenticated users. There
has been some talk about implementing SPF in spamdyke (I've been a
proponent of this). Perhaps we can nudge Sam and get it implemented
there. That would solve the problem.
--
-Eric 'shubes'
On 11/17/2010 01:44 AM, Tony White wrote:
Hi Martin,
Found a big downside to it! Clients using their mobiles
for email sending can no longer send from their mobile
isp smtp server.
Bugger thought I had it beat as well.
On 17/11/2010 6:43 PM, Martin Waschbuesch wrote:
Cool! Let us know whether it has any impact. The upside to this is
that it will be harder for spammers to use your addresses to send to
other domains as well - although it is of course possible to spoof the
ip, too.
At any rate I hope this works out for you!
Martin
-----Ursprüngliche Nachricht----- From: Tony White
Sent: Wednesday, November 17, 2010 7:41 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] re Invalid rcpthosts client email
addresses sending emails to other rcpthosts clients
Hi Martin,
Thank you for that explanation. I had used the old spf web utility
to create the record you saw.
It would appear that that site is now the OLD one and the new
one does in fact do things differently now.
Thank you for your help, I have changed a single domain
as of now to test it before changing them all.
The site http://old.openspf.org/wizard.html, if you have time to look
at it,
does offer only the ~all option and if I had read the final page fully it
proves you are absolutely correct with your assessment.
Thanks again.
On 17/11/2010 5:24 PM, Martin Waschbuesch wrote:
Hi Tony,
OK, this *might* be something you should change. The way to read the
record is this:
The listed IP addresses are authorized to send mail for that domain.
All others are not.
HOWEVER, the '~all' tells recipients to treat this as a soft fail and
is supposed to be used for testing purposes. A lot of recipients will
accept mail from other hosts under this condition.
You might consider replacing it with this '-all'.
Fyi an excerpt from wikipedia:
+ for a PASS result. This can be omitted; e.g., +mx is the same as mx.
? for a NEUTRAL result interpreted like NONE (no policy).
~ for SOFTFAIL, a debugging aid between NEUTRAL and FAIL. Typically,
messages that return a SOFTFAIL are accepted but tagged.
- for FAIL, the mail should be rejected (see below).
Martin
-----Ursprüngliche Nachricht----- From: Tony White
Sent: Wednesday, November 17, 2010 1:46 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] re Invalid rcpthosts client email
addresses sending emails to other rcpthosts clients
Hi Michael,
A dig reveals this...
ycs.com.au. 7200 IN TXT "v=spf1 a mx ip4:111.223.234.146
ip4:125.168.12.213 ip4:125.168.254.24 ~all"
On 16/11/2010 6:07 PM, Martin Waschbüsch wrote:
What's the SPF record say? It should list the IPs and some options...
Von meinem iPhone gesendet
Am 16.11.2010 um 07:26 schrieb Tony White<t...@ycs.com.au>:
Hello Martin,
Thank you for your reply! I will investigate domainkeys now but the
SPF has been implemented for some time now...
On 16/11/2010 5:11 PM, Martin Waschbüsch wrote:
SPF and domainkeys can be used to do this. The policy for SPF
could be set to designating only your ip as valid and the
skim/domainkeys policy be set to 'all messages are signed'.
That should guarantee that your server will correctly identify
these mails as forgery. However, check your rules in tcp.smtp - if
one of your clients spams due to virus etc., that might bypass all
protections depending on the settings...
Von meinem iPhone gesendet
Am 16.11.2010 um 04:43 schrieb Tony White<t...@ycs.com.au>:
Hello,
Is there a way of verifying the From address that claims to be
from one of the domains
hosted here is a valid email address? There has been an increase
of spam using one or
more the domains hosted on my servers.
I am still searching the web but no searches found yet!
--
best wishes
Tony White
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and
packages.
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and
packages.
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and
packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and
packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
