On Tue, 2008-12-30 at 21:30 -0800, Bijayant wrote: > >From all the discussions and reading all the replies in this thread I have > understood many things like > 1) We use smtp-auth for sending the mails. So, I can reject all mails which > are not generating from my mail server, right? This will be a good tactics. > Now the SPF parts, > 2) If the SPF records is configured in DNS, then we do not have to do any > additional configuration in Postfix and spamassassin. We can create the Meta > rules in local.cf to increase/decrease the score, right?
No need for a meta rule. You can redefine the score in local.cf and that will override the default > 3) Gmail adds a header like "Received-SPF: fail/pass/neutral". I think MTA > is adding this header. How this type of headers can be added? > > Try Google search , or ask in the MTA mailing list. That is off-topic here Thanks Ram BTW: Any post you make to the list I see multiple copies. I am not sure why anyway > Martin Gregorie-2 wrote: > > > > On Tue, 2008-12-30 at 15:36 +0100, Arvid Ephraim Picciani wrote: > >> On Tuesday 30 December 2008 12:44:09 Bijayant wrote: > >> > Hi, > >> > > >> > I am a newbie so please excuse me if its a very silly question. I have > >> been > >> > searching the forums and Internet about my query but could not found > >> > satisfactory answer. I am using Postfix+amavisd-new+spam-assassin on my > >> > mail server. We get many spam mails from our own emails. Then we came > >> to > >> > know that SPF can prevent this. I want to implement this but do not > >> know > >> > how to do this. We have created the SPF records for our domains and > >> about > >> > to put in to DNS. > >> > But I have a some confusion. I want to give some sa-score based on spf > >> > check. > >> > For this, 1) does postfix has to be also configured to support SPF or > >> > insert some headers or spam-assassin alone can be used? > >> > >> no. SPF will be checked against the last host outside your trusted > >> path. > >> the defaults should be perfectly fine for a simple setup were you only > >> have > >> one. > >> > > Here's a description of what SPF is and what its meant to do: > > http://www.openspf.org/ > > > > As others have said, SA can check incoming messages against the alleged > > sender's domain to see if that's where the message really came from > > provided the SPF plugin is installed and enabled. > > > > Most modern MTAs can also use SPF records to see if undeliverable mail > > has a forged sender address. If so, they won't send a rejection slip > > since that would go to the wrong place. Such rejection slips are known > > as 'backscatter' and are a real annoyance, so be kind to other mail > > users and set up an SPF record for your domain. There are wizards and > > test tools to help you create a valid record here: > > http://www.kitterman.com/spf/validate.html > > > > > > Martin > > > > > > >
