Daniel Quinlan <[EMAIL PROTECTED]> writes:

>> missed. We should be attempting to couple SPF pass with specific names.
>> For example, it should be required for our default whitelist.

Theo Van Dinter <[EMAIL PROTECTED]> writes:

> I don't know about "required" (we can't force these places to use
> SPF), but if SPF exists we should definitely use it for the whitelist.

We can't force them, but they can't force us to include a whitelist
either. We could easily add a requirement: no SPF, no whitelist.

> Perhaps we should modify whitelist_from_rcvd that instead of
> specifying the Received header we can specify a rulename (ala
> SPF_PASS)? Well, it should have a new whitelist name, but it's the
> idea really ... ;)
>
> Without that, perhaps a meta rule ala:
>
> meta DEF_WL_FORGED USER_IN_DEF_WHITELIST && SPF_FAIL
>
> this is the same idea, but doesn't require SPF records to exist at
> the start.

We need testing for both a negative and a positive rule. I think that a
negative rule will be safer since SPF_PASS falses are not dropping off
as fast as I'd like.

0-1 months old:

  1.224   1.3110   0.0144   0.989   0.80    1.00  SPF_FAIL:0-1
  0.080   0.0375   0.6749   0.053   0.33   -0.00  SPF_PASS:0-1

1-3 months old:

  2.473   3.3886   0.0217   0.994   0.79    1.00  SPF_FAIL:1-3
  0.969   0.3478   2.6307   0.117   0.39   -0.00  SPF_PASS:1-3

Daniel

-- 
Daniel Quinlan
http://www.pathname.com/~quinlan/
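
The two options discussed in this message, the negative rule (DEF_WL_FORGED) and the positive requirement ("no SPF, no whitelist"), compared side by side. This is an added example, not part of the original message and not SpamAssassin code; the policy names, the `Msg` class and the sample messages are constructed for illustration.

```python
# Added illustration; models the whitelist decision only, not SpamAssassin scoring.
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    label: str
    in_def_whitelist: bool  # From address matches the default whitelist
    spf: str                # "pass", "fail", "softfail" or "none" (no record published)

POLICIES = ("unconditional", "negative", "positive")  # hypothetical labels

def whitelist_applies(msg: Msg, policy: str) -> bool:
    """Return True if the whitelist bonus survives under the given policy."""
    if not msg.in_def_whitelist:
        return False
    if policy == "unconditional":   # whitelist on the From address alone
        return True
    if policy == "negative":        # DEF_WL_FORGED idea: cancel only on SPF_FAIL
        return msg.spf != "fail"
    if policy == "positive":        # "no SPF, no whitelist": require SPF_PASS
        return msg.spf == "pass"
    raise ValueError(f"unknown policy: {policy}")

# Constructed sample messages covering the cases the two rules treat differently.
SAMPLES = [
    Msg("genuine, domain publishes SPF", True, "pass"),
    Msg("forged, domain publishes SPF", True, "fail"),
    Msg("forged, domain softfails", True, "softfail"),
    Msg("genuine, domain has no SPF", True, "none"),
    Msg("forged, domain has no SPF", True, "none"),
    Msg("sender not in whitelist", False, "pass"),
]

def compare(samples=SAMPLES):
    """Map each sample label to {policy: whitelist applied?}."""
    return {m.label: {p: whitelist_applies(m, p) for p in POLICIES} for m in samples}

if __name__ == "__main__":
    for label, row in compare().items():
        cells = "  ".join(f"{p}={'WL' if ok else '--'}" for p, ok in row.items())
        print(f"{label:32} {cells}")
```

The rows for domains without an SPF record show the difference: the negative rule keeps whitelisting both the genuine and the forged message, while the positive rule drops both.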
