Matus UHLAR - fantomas skrev den 2018-06-16 16:37:
not external networks. only external mail servers you trust not to
forge e-mail
headers. They may send spam but are not the spam sources.
On 16.06.18 19:06, Benny Pedersen wrote:
not correct
spamassassin need to know all wan ips your own servers use, it does
not need to protect forgin senders ips or even trustness of forgin
see the docs:
A trusted host could conceivably relay spam, but will not originate it, and
will not forge header data. DNS blacklist checks will never query for hosts
on these networks.
adding client IPs means you trust them not to forge mail headers, which is
a bad thing for clients. Infected clients WILL send mail with forged
headers.
spf is a better forgin protector
SPF is checked on internal_networks boundary.
for SPF check to work properly, you MUST configure your internal_networks
properly - SPF is checked where message enters your network, primary or
backup servers.
For SPF check to be done on proper IP, all your servers in your mail routing
should be in internal_networks and nothing more.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name.
