On 05/26/2014 06:49 PM, Fredrik Lindgren wrote:
> Hello,
>
> I'm having an issue in getting SPF checking to work the way I want and
> just wanted to see if you maybe had some input on how to achieve this,
> or what I'm doing wrong.
>
> We're running SA to filter incoming mail, as well as to police outgoing
> SPAM. This is an ISP type setup, where end users are required to relay
> mail through our server using SMTP-Auth. This becomes a problem when
> end-user accounts are compromised.
>
> What I'm trying to achieve is to score outgoing mail with forged senders
> from for example "hotmail.com" using the SPF module. The problem becomes
> that it's scoring legitimate mail as well since our SPF-record includes
> only our relays, and the only available received-by line has the
> customer-IP as the originating address. And to include our
> customer-ranges in our SPF-record kind of defeats the purpose. :)
>
> Essentially what I think would solve my problem would be a
> "SPF-whitelist", where I could put domains NOT to do SPF check for (in
> my case our own domain). But as far as I can tell, there is no such thing?
>
> I guess the sort of unique use-case here is that my "threat" in this
> case is coming from the "inside".
>
> Any ideas?

Don't allow senders to use sender domains which are not on your boxes.
It will cause some initial support cases but if announced, & well
documented, in the long run, it will save you lots of headaches.
my 2 cents...
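
One way to express the policy suggested in the reply, as an added example that is not part of the original thread: a check that a submission hook could apply to SMTP-Auth mail, rejecting envelope or From: senders whose domain is not hosted locally. The domain list, function names and sample addresses are assumptions constructed for illustration.

```python
from email.utils import getaddresses

# Assumption: domains hosted on the provider's own servers (constructed values).
HOSTED_DOMAINS = frozenset({"isp.example", "hosted-customer.example"})


def domain_of(addr):
    """Lower-cased domain part of an address, or None if it is malformed."""
    local, sep, domain = addr.strip().strip("<>").rpartition("@")
    if not (sep and local and domain):
        return None
    return domain.rstrip(".").lower()


def is_hosted(domain, hosted=HOSTED_DOMAINS):
    """True for a hosted domain or one of its subdomains (label-aligned)."""
    return domain is not None and any(
        domain == h or domain.endswith("." + h) for h in hosted)


def check_submission(envelope_from, header_from, hosted=HOSTED_DOMAINS):
    """Return (action, reason) for one SMTP-Auth submission."""
    # The null sender "<>" carries no domain to forge (receipts, DSNs).
    if envelope_from.strip() not in ("", "<>"):
        if not is_hosted(domain_of(envelope_from), hosted):
            return "reject", "envelope sender domain is not hosted here"
    # Every author address in the From: header must be hosted as well,
    # otherwise a hosted envelope sender could front a forged From:.
    authors = [a for _name, a in getaddresses([header_from]) if a]
    if not authors:
        return "reject", "missing or unparseable From: header"
    for addr in authors:
        if not is_hosted(domain_of(addr), hosted):
            return "reject", "From: domain is not hosted here: " + addr
    return "accept", "sender domains are hosted here"


if __name__ == "__main__":
    # Constructed sample submissions: (envelope sender, From: header).
    samples = [
        ("alice@isp.example", "Alice <alice@isp.example>"),
        ("someone@hotmail.com", "someone@hotmail.com"),
        ("alice@isp.example", "Support <billing@hotmail.com>"),
    ]
    for env, hdr in samples:
        print(env, "|", hdr, "->", check_submission(env, hdr))
```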