the SPF record can change too, so that makes no difference.
On 27.01.17 16:57, David Jones wrote:
We have to assume that a competent mail sysadmin would
make that SPF record change. It has to be trusted since that's
the whole point of SPF.
The easy workaround is to put ptr: into the SPF record, which is clearly
what yahoo did. Then it's enough to maintain servers' fcrdns - no
incompetence here.
however, in both cases, some IPs can be added to, as well as removed from
pool. That means, one should do the comparison at time mail is received, not
far later (because the information might be obsolete at later time).
Still no practical difference between using IP ranges or rdns in SPF.
I get it as you need parse mail logs to find out what to put into
postscreen list, since postscreen doesn't use rdns...
Hmm, are you sure about that?
I have checked (just for sure) before sending my email.
what exactly did you mean when talking about log parsing, if not this?
Well - if postscreen was able to use rdns, this discussion would be useless,
since you'd whitelist .yahoo.com in postscreen, wouldn't you?
and postwhite (https://github.com/stevejenkins/postwhite) script can only
parse SPF records, not logs. Luckily ita page shows something that can help
you with yahoo:
https://help.yahoo.com/kb/SLN23997.html
Cool. Thank you. This is what I was looking for.
I think I have this solved in Postfix based on FCrDNS but
it good to know that Steve Jenkins is working on the same
thing.
postfix' smtpd can do rdns (and whitelist based on it). postscreen can't.
you mentioned postscren (and postwhite, which is whitelisting for
postscreen), I don't get why you mix postfix here...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watson. -- Daffy Duck & Porky Pig
