On Tue, 2008-12-30 at 13:38 +0000, Ned Slider wrote: > ram wrote: > > On Tue, 2008-12-30 at 04:11 -0800, Bijayant wrote: > >> Thanks, but I do not want to reject those mails. > > Why not? > > I agree - this is by far the simplest method of tackling this problem. > SPF is meant as a mechanism for *others* to block mail spoofed from your > domain. > > > The only reason I see is that legitimate senders also send to the same > > mail server. Get them to use smtp-auth and send the messages. > > (I know its easier said than done ) > > > > What's not easy, implementing smtp-auth or forcing users to use it? > > Seems easy to me: > > Implementing: > > http://www.postfix.org/SASL_README.html#server_sasl > http://wiki.centos.org/HowTos/postfix_sasl > > Forcing users to use it: > > Restrict $mynetworks to only allow 127.0.0.0/8 so anyone *not* on > localhost *has* to authenticate. >
And what if your Boss ( or your client ) yells at you , "How dare my mails get rejected at your server ?". Dealing with technology is very easy, not the same for people. The typical response I will get in such a situation is "I always used my Outlook to send mails and now this stopped working. So it is *your* fault and *you* have to fix it" And Worse, there are still some archaic smtp relay servers in use that dont support smtp-auth!!. Can you get them all to upgrade at once ?? We have done all this and know it is a pain. Getting those important IP's writing special rules in postfix to allow etc etc .... Thanks Ram
