On Wed, 30 Apr 2008, Alessandro Vesely wrote:

> Joe Laffey wrote:
>> opt BOFHSPFHARDERROR=fail
>> [...]
>> BOFHSPFHARDERROR=fail to remove the default softfail in that variable.
>
> Sounds slightly nonsensical, as a "~all" doesn't have a decent chance
> to be amended within the few days that a temporary failure can keep a
> given message in the remote host's queue.


Ah, I see your point. But how to handle a softfail just once? By putting 
softfail in the list of BOFHSPFMAILFROM I am ignoring softfails, and 
passing them anyway... right?






> > Odd thing is that it is tempfailing on an address/ip combo that should be
> > working ([EMAIL PROTECTED] and 64.12.138.200).
>
> In fact, I get
>
>   # rfc1035/testspf [EMAIL PROTECTED] 64.12.138.200 ...
>   pass
>
> According to http://www.openspf.org/RFC_4408 , you can get a TempError
> as a consequence of DNS lookup failures or timeouts.

Yes. This was what I tested, and why I thought it was odd that this 
address/ip combination was tempfailing (4xxx error code).

I added "error" to BOFHSPFMAILFROM and this seems to have fixed it.

It would be very nice if the SPF checking code would log the type of 
failure (the SPF keyword, e.g. "pass", "fail", "softfail", "error") with 
each logged rejection. This would make it easier to tell what was 
happening.



> > Also is there a way to instruct courier to ignore SPF for certain domains?
>
> AFAIK no. That should be amended, to fix forwarding. (One should login
> in order to submit mail without SPF checking. However, authenticated
> hosts currently get full RELAYCLIENT permissions.)
>


Would be nice for instances when some client "must" receive mail from 
somebody who has their SPF records set incorrectly (like they have them 
set conservatively and the sender is on the road using some other SMTP, 
when they should be logging in to the corporate SMTP, etc.).


I also removed the entry for BOFHSPFFROM, setting it to "all". Like the 
docs say, this caused problems with mailing list messages, blocking any 
original FROM addresses with SPF records when the message was relayed 
through the list server...


This leaves me with:

opt BOFHSPFMAILFROM=pass,none,softfail,neutral,unknown,error
opt BOFHSPFFROM=all
opt BOFHSPFHARDERROR=fail


Comments appreciated.

Thanks,

--
Joe Laffey                |       Visual Effects for Film and Video
LAFFEY Computer Imaging   |     -------------------------------------
St. Louis, MO             |       Show Reel http://LAFFEY.tv/?e10302
USA                       |     -------------------------------------
.                         |        -*- Digital Fusion Plugins -*-
--------------------------------------------------------------------------
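
Added example (not part of the original message and not Courier's code): a small Python model of how the MAIL FROM settings discussed above map each SPF result to accept, temporary rejection or permanent rejection. The semantics are an assumption taken from this thread: results listed in BOFHSPFMAILFROM are accepted, any other result is rejected, with 5xx if listed in BOFHSPFHARDERROR and 4xx otherwise. The BEFORE sample is constructed; AFTER is the configuration from the message.

```python
# Simplified model of the accept / 4xx / 5xx decision, not Courier's code.
# Assumed semantics: a result listed in BOFHSPFMAILFROM is accepted; any other
# result is rejected, permanently (5xx) if listed in BOFHSPFHARDERROR,
# temporarily (4xx) otherwise. The "all" and "off" keywords are not modelled.
SPF_RESULTS = ("pass", "none", "neutral", "softfail", "fail", "unknown", "error")

# Constructed sample: the list without "error", as before the fix in the message.
BEFORE = """
opt BOFHSPFMAILFROM=pass,none,softfail,neutral,unknown
opt BOFHSPFHARDERROR=fail
"""
# The MAIL FROM settings the message ends up with.
AFTER = """
opt BOFHSPFMAILFROM=pass,none,softfail,neutral,unknown,error
opt BOFHSPFHARDERROR=fail
"""

def parse_opts(text):
    """Parse 'opt NAME=value' lines into {NAME: set of lowercase keywords}."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("opt ") or "=" not in line:
            continue
        name, value = line[4:].split("=", 1)
        opts[name.strip()] = {k.strip().lower() for k in value.split(",") if k.strip()}
    return opts

def mailfrom_action(opts, result):
    """Return 'accept', 'reject-4xx' or 'reject-5xx' for one MAIL FROM SPF result."""
    accepted = opts["BOFHSPFMAILFROM"]
    # Default of fail,softfail is the one mentioned in the thread.
    hard = opts.get("BOFHSPFHARDERROR", {"fail", "softfail"})
    if result in accepted:
        return "accept"
    return "reject-5xx" if result in hard else "reject-4xx"

def policy_table(opts):
    """Map every SPF result keyword to the action the settings produce."""
    return {r: mailfrom_action(opts, r) for r in SPF_RESULTS}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, policy_table(parse_opts(cfg)))
```

Under these assumptions, an SPF "error" result (for example a DNS timeout) is a temporary rejection with the first list and an accept once "error" is added, which matches the behaviour reported in the message.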
