On 01/25/2018 12:59 PM, Reindl Harald wrote:
Am 25.01.2018 um 19:48 schrieb David Jones:
Since very few sites can reject on SPF fails because SPF failures are
so prevalent on legit email, I don't think this is happening in the
real world.
says who?
check_recipient_access proxy:hash:/etc/postfix/skip_spf_check.cf
permit_dnswl_client dnswl-aggregate.thelounge.net=127.0.0.5
permit_dnswl_client wl.mailspike.net=127.0.0.[19;20]
permit_dnswl_client list.dnswl.org=127.0.[0..255].[2;3]
check_policy_service unix:private/spf-policy
You are excluding a ton of clients from SPF checks with that config.
How many total IPs are covered in your local
dnswl-aggregate.thelounge.net whitelist?
My policyd-spf runs from the Postfix master.cf to add headers to all
email for SA to examine.
--
David Jones
