Marek Podmaka wrote:
My first reaction would be that implementing it in your SMTP server would only be useful if you were going to reject/bounce stuff on SPF failures regardless of content.Interesting discussion about SPF... There are actually 2 things to think about - one is implementing SPF on DNS for our domains and the other is using SPF to limit "bad" incoming mail. In my opinion the second one has only advantages. So I would like to ask what do you recommend? Integrate it in postfix somehow? Or is it enough to turn on SPF checking in SpamAssassin? How?
Like I mentioned earlier, I think that the strong point of SPF is that it lets you trust your domain-name-based RBL's more. IIRC, SpamAssassin 3 already checks SPF by default (you have to have the Mail::SPF::Query perl package on your machine)... but it just doesn't assign any scoring to SPF failures or successes.
You can change the scoring by either editing the system-wide spamassassin.conf file or by editing the per-user $HOME/.spamassassin/user_prefs. The syntax for adjusting scoring is here:
http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#scoring_options In short, you'd use something like: score SYMBOLIC_TEST_NAME n.nnwhere SYMBOLIC_TEST_NAME is the name of one of SpamAssassin's test conclusions. For SPF, these would include:
SPF_FAIL SPF: sender does not match SPF record (fail) SPF_HELO_FAIL SPF: HELO does not match SPF record (fail) SPF_HELO_NEUTRAL SPF: HELO does not match SPF record (neutral) SPF_HELO_PASS SPF: HELO matches SPF record SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) SPF_NEUTRAL SPF: sender does not match SPF record (neutral) SPF_PASS SPF: sender matches SPF record SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)and "n.nn" is the amount to increase or decrease the spam score of the message.
Personally, I'd use the scoring adjustments to increase the score of SPF failures and then bump up the scores of RBL results.
- Joe**
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature