On Tue, 2008-12-30 at 04:11 -0800, Bijayant wrote: > Thanks, but I do not want to reject those mails. Why not? The only reason I see is that legitimate senders also send to the same mail server. Get them to use smtp-auth and send the messages. (I know its easier said than done )
> I want only some scores to > be added if it fails the SPF test. So, should I have to configure postfix > also for this settings. > You can do SPF test at the MTA level , but then that wont help you much on scoring The SPF plugin in SA can help you score mails forged with from as your domain But If legitimate senders, of your domain, are also sending to the same server , your SPF record should include all of their ips.:-) Read more on SPF records and where they are useful. http://www.openspf.org/FAQ Thanks Ram > > mouss-2 wrote: > > > > Bijayant a écrit : > >> Hi, > >> > >> I am a newbie so please excuse me if its a very silly question. I have > >> been > >> searching the forums and Internet about my query but could not found > >> satisfactory answer. I am using Postfix+amavisd-new+spam-assassin on my > >> mail > >> server. We get many spam mails from our own emails. Then we came to know > >> that SPF can prevent this. I want to implement this but do not know how > >> to > >> do this. We have created the SPF records for our domains and about to put > >> in > >> to DNS. > >> But I have a some confusion. I want to give some sa-score based on spf > >> check. > >> For this, 1) does postfix has to be also configured to support SPF or > >> insert > >> some headers or spam-assassin alone can be used? > >> 2) If yes then what? > >> 3) If not then, How the headers will be inserted regarding SPF checks? > >> > >> Please suggest me how to proceed or some doc/links pointing in to right > >> direction. > > > > you can reject such mail in postfix: > > > > smtpd_recipient_restrictions = > > permit_mynetworks > > permit_sasl_authenticated > > reject_unauth_destination > > check_sender_access hash:/etc/postfix/access_sender > > ... > > > > == access_sender: > > mydomain.example REJECT blah blah > > .mydomain.example REJECT blah blah > > > > with this, your domain can be used as sender only if mail comes from > > your networks or was SASL authenticated. > > > > PS. do not put the check_sender_access before reject_unauth_destination. > > > > if you have questions regarding this, post on the postfix-users list. > > > > > > > > >
