Alessandro Vesely wrote: > So have I. Probably it has never been made crystal clear that people > should define TXT records for each host (probably "v=spf1 +a -all"). > See http://new.openspf.org/FAQ/The_demon_question Yeah, I've done this for my domains. I see I'm in the minority. :-) > What field was marked softfail? When you forward mail you must replace > the MAIL FROM sender with something like [EMAIL PROTECTED] > (SRS'idea is to forward any resulting bounce to [EMAIL PROTECTED] Luckily > Courier does not do so.) The FROM field is marked softfail sometimes if the FROM and HELO do not pass. > At any rate, the internal FROM sender is considered the author and is > usually left alone. That's why there is a mailfromok. (One reason one > checks FROM is when MAILFROM is empty.) Thanks to your suggestion, I've put mailfromok in there, as I see that most of the time MAILFROM passes, but FROM may not (mixed bag of not pass, unknown, and softfail). > I also let 'error' for both FROM fields. After you mentioned this I saw error for some legitimate mail in the maillog. I've added that to the list too. > By doing SPF filtering you are making a favor to the users of the > domain(s) > specified in those fields. In facts, you save their domain name from > abuse. > However, the domain owners must be smart enough to provide robust DNS > servers > and good TXT records. When they succeed in putting a 'fail' on an > address, > your server obeys. Isn't it that way? This works wonderfully when this is all set up. > Most clients are not SPF-aware, and don't let users configure the HELO > name. Ok, that explains why so few seem to pass on HELO.
Well, thank you Alessandro for clearning a lot of this up for me. I've noticed that SPF does improve my chances of not getting phising mails, but I still get two SPAM a day (rather than 300). I've set up DNS blocklist checking as well. Other than bogofilter and client-side SPAM solutions, are there any other free options I can set up on the server that are in any way effective at not removing/bouncing legitimate mail? Thanks again for the response, --Shawn ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
