>From: Matus UHLAR - fantomas <uh...@fantomas.sk>
>Sent: Thursday, January 26, 2017 2:15 PM
    
>On 26.01.17 19:53, David Jones wrote:
>>I understand what their SPF record means and how it works
>>but what they are publishing in their SPF record is not common.
>>Normally this would expand out to a list of IPs and CIDRs or DNS
>>records that can be turned into IPs that postwhite can use to build
>>a list for bypassing RBL checks.

>SPF was never designed to create such lists. They can easily become obsolete,
>miss some IPs and/or have some IPs that don't belong there.

I agree. But it turns out it works pretty well since SPF has been taken
more seriously the past couple of years.  When Gmail and others
started putting SPF failed messages into the Junk folder, it's starting
to be worth something.

I am only doing postwhite exclusions for 2 types of senders:
1. Large mail hosting providers that are too large to block and don't
keep their mail server IPs off of RBLs
2. Highly trusted senders that know what they are doing and keep
their SPF record properly maintained that would already score very
low in SA.

>>Their SPF record can really only be evaluated by the MTA during
>>the SMTP conversation. 

>SPF records can be perfectly parsed by SA or other software at
>a different time.

I think you misunderstood.  PTR records don't change often but
they could.  Their matching A records for FCrDNS could change
too so you can't rely on later processing to know what happened
when that message arrived.

>>The main problem with parsing mail logs is the chicken-and-the-egg
>>issue where you may block a Yahoo mail server with an RBL for a
>>short period until you process the logs.

>What information do you search in logs that is not in mail headers?

I use MailScanner which is not a milter or otherwise directly part of the
MTA (Postfix in my setup).  This basically creates 2 levels of filtering:
the MTA and MailScanner (SpamAssassin plus many other checks).
My RBLs are done by postscreen (really awesome, everyone should
use it) so I have to allow Yahoo mail servers in the first level of filtering
independent of SA.

>>I think they publish their SPF like this because they have no good
>>list of outbound mail servers themselves so they take the lazy
>>approach.

>I believe that the ptr method is one of the best methods to implement in SPF,
>contrary to what the authors say. (I believe) most MTAs verify the FCrDNS of the
>connecting server, so all the required information is available in the DNS cache
>at the time of SPF processing.

I think I have solved this issue.  Postfix smtpd_client_restrictions
check_client_access does use FCrDNS for domains listed. I will
watch my logs for a few days and make sure this is working properly.
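
Added example, not part of the original message and not Postfix, postwhite or SpamAssassin code: a sketch of how an SPF `ptr` mechanism is validated with FCrDNS (RFC 7208, section 5.5), run against constructed DNS data to show that the answer depends on the PTR and A records at the moment of evaluation. All hostnames, addresses and function names are placeholders chosen for illustration.

```python
# Added example: FCrDNS validation as the SPF "ptr" mechanism does it
# (RFC 7208, section 5.5). All DNS data is constructed; names are placeholders.

def validated_names(ip, ptr_zone, a_zone, limit=10):
    """PTR names for ip whose forward A lookup contains ip (FCrDNS)."""
    names = []
    for name in ptr_zone.get(ip, [])[:limit]:  # RFC 7208: examine at most 10 names
        name = name.rstrip(".").lower()
        if ip in a_zone.get(name, []):          # forward-confirm the PTR name
            names.append(name)
    return names

def spf_ptr_match(ip, target_domain, ptr_zone, a_zone):
    """True if a validated name equals target_domain or is a subdomain of it."""
    target = target_domain.rstrip(".").lower()
    return any(n == target or n.endswith("." + target)
               for n in validated_names(ip, ptr_zone, a_zone))

# Constructed reverse zone (what each client IP claims to be).
PTR = {
    "192.0.2.10": ["out1.mail.example.net."],
    "198.51.100.7": ["out9.mail.example.net."],  # PTR claim with no matching A
    "203.0.113.5": ["mx.notexample.net."],       # confirmed, but a lookalike domain
}
# Constructed forward zone as seen while the message is being received.
A_AT_DELIVERY = {
    "out1.mail.example.net": ["192.0.2.10"],
    "out9.mail.example.net": ["192.0.2.99"],
    "mx.notexample.net": ["203.0.113.5"],
}
# Same zone after the sender renumbers out1: a later re-check gives a new answer.
A_LATER = dict(A_AT_DELIVERY, **{"out1.mail.example.net": ["192.0.2.20"]})

def evaluate_all(a_zone, domain="example.net"):
    return {ip: spf_ptr_match(ip, domain, PTR, a_zone) for ip in PTR}

if __name__ == "__main__":
    print("at delivery:", evaluate_all(A_AT_DELIVERY))
    print("later      :", evaluate_all(A_LATER))
```
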
