On 2022-04-14 02:40, John Levine wrote:
It appears that Benny Pedersen <[email protected]> said:
On 2022-04-13 19:27, Matus UHLAR - fantomas wrote:
however, they miss the nullmx record:
gmail.dk. 300 IN MX 0 .
if nullMX is added then spf and dmarc can be removed
You need both the null MX and the SPF. Null MX says you
don't receive mail, SPF -all says you don't send mail.
why is spf needed if domain is nullMx ?
i do not test spf in mta stage at all
in other words if a domain is nullMx postfix still reject it, aswell for
senders
sendmail -f [email protected] -bv root
no ? (root is delivered non local to test this one)
The DMARC record is a matter of taste. The reports can be
amusing to see who's forging your address.
and dmarc is not used here, waiting for spamassassin 4.x.x, no milters
on my server anymore
trustedproject is unstable code, i say this as long opendkim can reject
mails
