I'm of the same opinion as the article, mainly because I want users to
get email. I have mine set to 1. IMHO, I wouldn't reject any emails as
there are many mis/non configured DNS records.
On 6/17/2018 10:26 AM, Tony White wrote:
Thank you Eric.
I have read this but still would like opinions.
best wishes
Tony White
On 18/06/2018 01:51, Eric Broch wrote:
control/spfbehavior
Use this to turn on SPF checking. The default value is 0 (off). You
can specify a value between 0 and 6:
* 0: Never do SPF lookups, don't create Received-SPF headers
* 1: Only create Received-SPF headers, never block
* 2: Use temporary errors when you have DNS lookup problems
* 3: Reject mails when SPF resolves to fail (deny)
* 4: Reject mails when SPF resolves to softfail
* 5: Reject mails when SPF resolves to neutral
* 6: Reject mails when SPF does not resolve to pass
Values bigger than 3 are strongly discouraged, you probably want to
go with 2 or 3. Important: This setting can be overridden using the
environment variable SPFBEHAVIOR, e.g. from tcpserver rules. Note:
If RELAYCLIENT is set, SPF checks won't run at all.(This also
includes SMTP-AUTH and similar patches)
On 6/17/2018 9:29 AM, Tony White wrote:
Hi folks,
Can I get your opinions please?
I am seriously considering making SPF give
hard errors if the SPF record does not indicate
the sender smtp is not allowed to send on behalf
of a domain.
The question is, is this the right thing to do?
TIA :)
--
Eric Broch
White Horse Technical Consulting (WHTC)
--
Eric Broch
White Horse Technical Consulting (WHTC)
--
Eric Broch
White Horse Technical Consulting (WHTC)