Christian Brel wrote: > On Wed, 24 Feb 2010 09:18:38 +0100 > Per Jessen <p...@computer.org> wrote: > >> LuKreme wrote: >> >> > On 23-Feb-10 14:17, Bowie Bailey wrote: >> >> SPF enforcement at the MTA is useless for the reasons you >> >> specified. The only exception is if you have a strict SPF policy >> >> for your own domain, you can use it to reject spam pretending to >> >> be from your users. >> > >> > And that makes it worthwhile all by itself. >> > >> >> Well, I guess it depends on your point of view - how difficult is it >> to set up an MTA to reject mails pretending to be from <yourdomain> >> that didn't originate on your MTA? >> >> >> /Per Jessen, Zürich >> > > Good question - how would you do it?
Postfix: I would have two different smtpd daemons - one for the local network, one for the external. The external smtpd would have a check_sender_access along these lines (thinking out loud here): check_sender_access = hash:/etc/postfix/reject_from_my_domain etc/postfix/reject_from_my_domain would have: example.com 5xx /Per Jessen, Zürich
