Package: postfix-policyd-spf-python Severity: important Dear Maintainer,
I would propose to change the default of HELO_reject in /etc/postfix-policyd-spf-python/policyd-spf.conf to HELO_reject = Fail instead of the current HELO_reject = SPF_Not_Pass The main problem is that the current option rejects all messages that are producing a soft-fail, e.g., missing entries with a ?all final entry. Additionally, rejecting on HELO is non-default but still useful but should not be more strict then the actual check in Mail_From_reject which also defaults (imho correctly) to Fail. Cheers, Axel -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)