Am 18.01.2015 um 12:28 schrieb SW:
Am 18.01.2015 um 12:01 schrieb SW:
I have an SPF record created in DNS for my domain. In my main.cf config
file
for Postfix I have the following SPF settings:
spf_received_header = yes
spf_mark_only = no
smtpd_recipient_restrictions = peject_spf_invalid_sender,
permit_spf_valid_sender,
smtpd_sender_restrictions = reject_spf_invalid_sender,
permit_spf_valid_sender
Is the above config correct to reject received emails that is NOT being
delivered from the specified IP addresses in SPF?
a) postfix don' t support SPF out of the box
there are policy daemons for that task
b) hence all the spf_ params are fantasy
c) SPF of your own domain is not relevant for yourself
to receive mails, to prevent forged mails just add
you domains in a access table with a reject and place
"permit_mynetworks" and "permit_sasl_authenticated" in
front of that restriction
When I ran make config (on FreeBSD) to install the Postfix port I selected
the SPF support option. I assumed that would allow me to do SPF checking
with the options I mentioned? Although, I just noticed that when I ran make
config now it says:
SPF - SPF support (via libspf2 1.2.x)
that's a unofficial patch i guess and would have been a good idea to
mention your environemnt in the initial post
Is this the policy you were referring to? I do have libspf2 installed
currently.
i referred to a *policy daemon*
http://www.postfix.org/SMTPD_POLICY_README.html
https://www.google.at/search?q=spf+policyd
If I check the mail headers I can see the SPF:
Received-SPF: pass (mail.domain.com: domain of anotherdomain.net designates
xxx.xxx.xxx.xxx as permitted sender)
Does this mean SPF is working correctly?
looks so but that's likely the wrong mailing list because these options
are *not* part of a stock postfix
https://www.google.at/search?q=postfix+reject_spf_invalid_sender