On Aug 2, 2010, at 10:23 PM, Noel Butler wrote: > On Mon, 2010-08-02 at 22:13 -0400, donovan jeffrey j wrote: >> >> Greetings >> >> i have an internal dns server it resolvs all my queries from the inside. >> I have a mail system requesting an spf record. Should i add the same record >> on the inside as i do for the outside ? i don't want internal address space >> to mess with external. >> >> i would say just place it on my external dns. But it's an internal content >> filter that is asking for the record, so then shouldn't place it on the >> inside? >> >> any insight suggestions and flames welcome >> > Hi, > > Why not have internal clients use smtp auth on submission only, and bypass > spf (and other anti uce) tests?
clamav is picking up from an old relay and I think it's lowering the score because of an spf check. 192.168.1.2 is my mail gateway internal interface. myfilter.mydomain.com] received a message from 192.168.1.2 that claimed an envelope sender address of foo.mo...@dealstodaycheap.info. However, the domain dealstodaycheap.info has declared using SPF that it does not send mail through 192.168.1.1. That is why the message was rejected. i don't want my internal filter to lower scores just because that relay doesn't have an spf record, and I do not want to call the relay local. i want everything scanned from there. I may also not be understanding What Spf record clamav is looking for. my relay or his relay or mydomain ? i best start with my domain. > If postfix (since its the MTA used in your post, youm likely are), use: > submission inet n - n - - smtpd > -o smtpd_sasl_auth_enable=yes > -o > smtpd_client_restrictions=reject_unknown_sender_domain,reject_unknown_recipient_domain,permit_sasl_authenticated,reject > -o receive_override_options=no_milters > > But anyway, when I ran split views, I used spf on internal range using the > int IP, but used ~all in place of -all (which I use on externals). > > Cheers > Noel > thanks for the reply noel, i saw that option on a web site and i thought it was a typo ( ~ ) vs ( - ) what is the difference. -j On Aug 2, 2010, at 10:23 PM, Noel Butler wrote: > On Mon, 2010-08-02 at 22:13 -0400, donovan jeffrey j wrote: >> >> Greetings >> >> i have an internal dns server it resolvs all my queries from the inside. >> I have a mail system requesting an spf record. Should i add the same record >> on the inside as i do for the outside ? i don't want internal address space >> to mess with external. >> >> i would say just place it on my external dns. But it's an internal content >> filter that is asking for the record, so then shouldn't place it on the >> inside? >> >> any insight suggestions and flames welcome >> > Hi, > > Why not have internal clients use smtp auth on submission only, and bypass > spf (and other anti uce) tests? > If postfix (since its the MTA used in your post, youm likely are), use: > submission inet n - n - - smtpd > -o smtpd_sasl_auth_enable=yes > -o > smtpd_client_restrictions=reject_unknown_sender_domain,reject_unknown_recipient_domain,permit_sasl_authenticated,reject > -o receive_override_options=no_milters > > But anyway, when I ran split views, I used spf on internal range using the > int IP, but used ~all in place of -all (which I use on externals). > > Cheers > Noel > >
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
