On Wed, February 24, 2010 2:28 am, Per Jessen wrote:
> Christian Brel wrote:
>
>> On Wed, 24 Feb 2010 09:18:38 +0100
>> Per Jessen <p...@computer.org> wrote:
>>
>>> LuKreme wrote:
>>>
>>> > On 23-Feb-10 14:17, Bowie Bailey wrote:
>>> >> SPF enforcement at the MTA is useless for the reasons you
>>> >> specified. The only exception is if you have a strict SPF policy
>>> >> for your own domain, you can use it to reject spam pretending to
>>> >> be from your users.
>>> >
>>> > And that makes it worthwhile all by itself.
>>> >
>>>
>>> Well, I guess it depends on your point of view - how difficult is it
>>> to set up an MTA to reject mails pretending to be from <yourdomain>
>>> that didn't originate on your MTA?
>>>
>>>
>>> /Per Jessen, Zürich
>>>
>>
>> Good question - how would you do it?
>
> Postfix: I would have two different smtpd daemons - one for the local
> network, one for the external. The external smtpd would have a
> check_sender_access along these lines (thinking out loud here):

... which is why I use sendmail. It now comes standard with 2 different
daemons, built into one so the setup isn't so complicated: one for
external access and one for internal access. Already doing what you
suggest out of the box, and it works quite well, if configured securely.
One activity rejects attempts to send email pretending to be 'on the
inside' and the other rejects to send email pretending to be 'on the
outside' thus preventing much of what has been discussed ...

>
> check_sender_access = hash:/etc/postfix/reject_from_my_domain
>
> etc/postfix/reject_from_my_domain would have:
>
> example.com 5xx
>
>
> /Per Jessen, Zürich
>

---
Karl Pearson
ka...@ourldsfamily.com
Owner/Administrator of the sites at http://ourldsfamily.com
---
"To mess up your Linux PC, you have to really work at it; to mess up
a microsoft PC you just have to work on it."
---
Democracy is two wolves and a lamb voting on what to have for lunch.
Liberty is a well-armed lamb contesting the vote.
 --Benjamin Franklin
---
Prayer for Obama, et al: http://scriptures.lds.org/en/ps/109/8#8 (~)
---
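
The two-listener Postfix idea sketched in the quoted text, written out as an added example that is not part of any poster's message. The listener addresses, the reply text and the parameter name `external_sender_restrictions` are assumptions; `check_sender_access` is used as a restriction inside `smtpd_sender_restrictions`, which is where Postfix expects it.

```conf
# --- /etc/postfix/main.cf ---------------------------------------------
# User-defined parameter (name is an assumption), referenced from
# master.cf so the value can contain spaces.
external_sender_restrictions =
    check_sender_access hash:/etc/postfix/reject_from_my_domain

# --- /etc/postfix/master.cf -------------------------------------------
# External listener. 192.0.2.25 is a constructed placeholder address.
# Envelope senders in our own domain are rejected here, because our
# users never submit mail through this listener.
192.0.2.25:smtp  inet  n  -  n  -  -  smtpd
  -o smtpd_sender_restrictions=$external_sender_restrictions

# Internal listener. 10.0.0.25 and 10.0.0.0/24 are constructed
# placeholders. No own-domain sender check: local clients legitimately
# send as example.com.
10.0.0.25:smtp   inet  n  -  n  -  -  smtpd
  -o smtpd_sender_restrictions=
  -o mynetworks=10.0.0.0/24

# --- /etc/postfix/reject_from_my_domain -------------------------------
# Access table: left side is the sender domain, right side the action.
# A 5NN action with text produces a permanent reject with that reply.
example.com    550 5.7.1 Sender domain example.com not accepted from outside

# --- after editing ----------------------------------------------------
#   postmap /etc/postfix/reject_from_my_domain   (builds the hash map)
#   postfix reload
```

This check looks only at the envelope sender (MAIL FROM), not the `From:` header, and it also rejects legitimate mail that arrives from outside with an unchanged example.com envelope sender, such as plain forwarding or roaming users who do not submit through the internal listener.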