Dave Lewis wrote: >> I think the 10 wrongly issued fail are the most urgent fix. I will >> look into them as soon as I have time. >> > I agree with this but it is the nxdomain error that I am regularly > seeing. It currently makes it impossible for me to activate SPF on my > mail server.
That depends on how you configure the "error" state in the BOFHSPF* settings. That result is returned in some situations that should not be handled as temporary errors (e.g. toolonglabel, the very first test in the suite.) Unfortunately, that way one also accepts cases, such as DNS lookup failures, which could be deferred by a 417 response. Accepting "error" along with "unknown", "softail", etcetera, is a possible workaround. I don't think it significantly affects the intended meaning of SPF filtering. > A couple of domains that currently cause the mx (nxdomain) error. > > ebay.com > cogeco.ca I'd suggest setting opt BOFHSPFHELO=all opt BOFHSPFMAILFROM=pass,none,neutral,softfail,unknown,error opt BOFHSPFFROM=all That is to say, if the domain admins are smart enough to deliver a loud and clear "fail", and only in such case, foreign postmasters can safely reject incoming messages on their behalf. To set up their DNS servers so that no lookup failure occurs can be considered part of the game. HTH ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
