This one time, at band camp, Marek Podmaka said: > Hello Michael, > > Saturday, January 21, 2006, 23:09:28, Michael Loftis wrote: > > ML> Have you even looked at AOLs SPF record? notice the ?all at the end? The > ML> net result of that is that even with systems using SPF it's a 0 change, > ML> except for yet another dns lookup. AOL knows that if they removed the ?all > ML> tag from the end they'd break a LOT of accounts using aol and sending to > ML> places implementing SPF. So SPF doesn't really help AOL either. > > Interesting discussion about SPF... There are actually 2 things to > think about - one is implementing SPF on DNS for our domains and the > other is using SPF to limit "bad" incoming mail. In my opinion the > second one has only advantages. So I would like to ask what do you > recommend? Integrate it in postfix somehow? Or is it enough to turn > on SPF checking in SpamAssassin? How? As mentioned, SPF breaks forwarded mail. If you are absolutely confident that your users will never receive legitmate mail through a forwarder with a return address in a domain that does not have an spf all record, feel free to reject it at smtp time. If not, I would just use SA checks. To enable it in 3.1, you add or uncomment this bit in /etc/spamassassin/init.pre: loadplugin Mail::SpamAssassin::Plugin::SPF HTH, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
Attachment:
signature.asc
Description: Digital signature