On Fri, 11 Sep 2009, MySQL Student wrote:
are you recieving forwarded emails from spf domains ?
If I understand correctly, no. I have no relationship with any external
source and their SPF records.
if so add the forward ip to trusted_networks (so spf will be disabled
from this hosts)
Do you mean to avoid the processing overhead? IOW, don't bother checking
SPF records for trusted domains?
One of the problems with SPF is that someone who sets up forwarding (e.g.
you have a gmail account, and you set it to automatically forward messages
to your "real" account) breaks SPF checks for messages received via the
forward. If I send a mail to your gmail account, and google forwards it to
your real account, your MTA will see a message from an @impsec.org address
originating from an MTA that my SPF record says is not a valid source. SPF
fail.
If you tell SA that google is trusted, that pushes the SPF test point back
one step - where did *google* receive the message from? mail.impsec.org?
Okay, then - SPF pass.
On a somewhat related note, how does BOTNET differ from RDNS_NONE?
What is the logic behind the BOTNET rule? Is there some known list
that it's checking, or is it just likely to be a dynamic IP or
compromised host if it doesn't have a reverse DNS entry?
RDNS_NONE is, well, _no_ rDNS data.
BOTNET uses a lot of heuristics to determine whether the sender looks
dynamic. I suggest you read the list archives back when it was first
proposed and released for more details.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
An entitlement beneficiary is a person or special interest group
who didn't earn your money, but demands the right to take your
money because they *want* it. -- John McKay, _The Welfare State:
No Mercy for the Middle Class_
-----------------------------------------------------------------------
5 days until the 222nd anniversary of the signing of the U.S. Constitution