It might be wise to say that every installation is different and has a different set of optimal settings.
First of all, you'll need to check your logs for "517 SPF fail" messages for a while to find addresses you need to whitelist when you first enable SPF checking. If you have anyone who sends you highly important e-mails you might wish to whitelist them before trying SPF checking. To do this you might open a terminal window, CD to /var/log, and type tail -f maillog | grep '517 SPF fail' Here's my recipe: First, make sure your own DNS server has SPF .txt entries for your side of this. This is part of the recipe for rejecting spam. An incredible amount of spam is sent by senders silly enough to try to put your e-mail address in the "From:" field, and this will reject those obvious forgeries. Use the hard fail code: "-all" rather than the soft fail code "~all". Use the courierwebadmin interface to do the SPF settings in courier -- it's more convenient than working with the configuration files directly. Log in and find the SPF settings in the damin menu indented under the rest of the esmtpd settings. Enable sender policy framework checking for: Remote server ID (EHLO/HELO): enabled (default options) Return address (MAIL FROM:): enabled (default options) Sender's address (From: header): enabled (default options) Options: Do not check "Suppress custom rejection error messages." Do check "Disable SPF checking for clients with relaying privileges." Also check "Disable SPF checking of From: header if MAIL FROM passes SPF checking." Bounces: Check only "fail" is a hard bounce. ----- Original Message ----- From: Eric Stewart To: [email protected] Sent: Thursday, September 13, 2007 2:22 PM Subject: [courier-users] Recommended SPF Settings? I was just reading the recent list thread about Courier rejecting inbound emails because of SPF failures. Would anyone on the list like to share their recommended settings for SPF? Thanks. I've been lurking on this list for quite some time and find it very informative. I'm not running any kind of big enterprise MTA, but am rather using Courier-MTA for my own personal email server. /Eric Canada _______________________________________________________________________ All outgoing email scanned for viruses by ClamAV 0.92.1 and for SPAM by SpamAssassin v3.20 ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
