Bijayant wrote:
>
> From all the discussions and reading all the replies in this thread I have
> understood many things like
> 1) We use smtp-auth for sending the mails. So, I can reject all mails
> which are not generating from my mail server, right? This will be a good
> tactics.
> Now the SPF parts,
> 2) If the SPF records is configured in DNS, then we do not have to do any
> additional configuration in Postfix and spamassassin. We can create the
> Meta rules in local.cf to increase/decrease the score, right?
> 3) Gmail adds a header like "Received-SPF: fail/pass/neutral". I think MTA
> is adding this header. How this type of headers can be added?
>
> Sorry for replying my own message, but I tried the option1 and found that
> I am getting undelivered notification because it was destined to my
> email-id. Any comments ?
>
>
> Martin Gregorie-2 wrote:
>>
>> On Tue, 2008-12-30 at 15:36 +0100, Arvid Ephraim Picciani wrote:
>>> On Tuesday 30 December 2008 12:44:09 Bijayant wrote:
>>> > Hi,
>>> >
>>> > I am a newbie so please excuse me if its a very silly question. I have
>>> been
>>> > searching the forums and Internet about my query but could not found
>>> > satisfactory answer. I am using Postfix+amavisd-new+spam-assassin on
>>> my
>>> > mail server. We get many spam mails from our own emails. Then we came
>>> to
>>> > know that SPF can prevent this. I want to implement this but do not
>>> know
>>> > how to do this. We have created the SPF records for our domains and
>>> about
>>> > to put in to DNS.
>>> > But I have a some confusion. I want to give some sa-score based on spf
>>> > check.
>>> > For this, 1) does postfix has to be also configured to support SPF or
>>> > insert some headers or spam-assassin alone can be used?
>>>
>>> no. SPF will be checked against the last host outside your trusted
>>> path.
>>> the defaults should be perfectly fine for a simple setup were you only
>>> have
>>> one.
>>>
>> Here's a description of what SPF is and what its meant to do:
>> http://www.openspf.org/
>>
>> As others have said, SA can check incoming messages against the alleged
>> sender's domain to see if that's where the message really came from
>> provided the SPF plugin is installed and enabled.
>>
>> Most modern MTAs can also use SPF records to see if undeliverable mail
>> has a forged sender address. If so, they won't send a rejection slip
>> since that would go to the wrong place. Such rejection slips are known
>> as 'backscatter' and are a real annoyance, so be kind to other mail
>> users and set up an SPF record for your domain. There are wizards and
>> test tools to help you create a valid record here:
>> http://www.kitterman.com/spf/validate.html
>>
>>
>> Martin
>>
>>
>>
>
>
--
View this message in context:
http://www.nabble.com/Implementing-SPF-tp21216090p21228928.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
