On Wed, 24 Feb 2010 10:28:24 +0100 Per Jessen <p...@computer.org> wrote:
> Christian Brel wrote: > > > On Wed, 24 Feb 2010 09:18:38 +0100 > > Per Jessen <p...@computer.org> wrote: > > > >> LuKreme wrote: > >> > >> > On 23-Feb-10 14:17, Bowie Bailey wrote: > >> >> SPF enforcement at the MTA is useless for the reasons you > >> >> specified. The only exception is if you have a strict SPF policy > >> >> for your own domain, you can use it to reject spam pretending to > >> >> be from your users. > >> > > >> > And that makes it worthwhile all by itself. > >> > > >> > >> Well, I guess it depends on your point of view - how difficult is > >> it to set up an MTA to reject mails pretending to be from > >> <yourdomain> that didn't originate on your MTA? > >> > >> > >> /Per Jessen, Zürich > >> > > > > Good question - how would you do it? > > Postfix: I would have two different smtpd daemons - one for the local > network, one for the external. The external smtpd would have a > check_sender_access along these lines (thinking out loud here): > > check_sender_access = hash:/etc/postfix/reject_from_my_domain > > etc/postfix/reject_from_my_domain would have: > > example.com 5xx > > > /Per Jessen, Zürich > So you would reject outbound mail from your domain? I'm sure that's a typo. The agrovation of multi-instancing Postfix onto a different port or IP, seeking help from their aggressive and abusive user list when it fails to work -v- SPF. Ummm such a choice.....