OT, testing spf for incoming mail

Gregory Nowak greg at romuald.net.eu.org
Wed Mar 16 03:51:59 EDT 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi folks,

I've installed postfix-policyd-spf-python, and want to test incoming
mail from a domain using spf, from a unauthorized machine. Everything
I've been able to find on the web tells you how to do the opposite
(test your DNS records). While I'll be getting to that, I want to make
sure the incoming mail part works first before I move on. So, I was
hoping someone could tell me how to test incoming mail first.

When I connected to my machine from a remote box, I tried:

helo www.example.com
mail From:<someone at gmail.com>
rcpt To:<greg at romuald.net.eu.org>

and my server accepts the message. The spf check tags it as
neutral. From what I understand, it should fail, since www.example.com
isn't authorized to send mail for gmail, and I wasn't connecting to my
server from gmail's outbound mail servers (no, I didn't spoof the ip
address). Am I correct on this point, or is my knowledge of spf
seriously messed up?

I've seen a pass result in my mail.log for a domain with spf records,
but I have yet to see a rejected message that wasn't sent where it
should be sent from. In case my config is the problem, I'm pasting my
policyd-spf.conf file below

- --- cut here ---

#  For a fully commented sample config file see
   policyd-spf.conf.commented

debugLevel = 1
defaultSeedOnly = 1

HELO_reject = SPF_Not_Pass
Mail_From_reject = Fail

PermError_reject = False
TempError_Defer = True

skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0//104,::1//128
 
- --- cut here ---

Thanks in advance for any help.

Greg


- -- 
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)

- --
Free domains: http://www.eu.org/ or mail dns-manager at EU.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk2AbB8ACgkQ7s9z/XlyUyBtFACfS+Il8NwB+KcUbdRhP+ketVUj
r/sAnRprdj8gT/9C4n0a3wRiaVqP64oX
=iCSQ
-----END PGP SIGNATURE-----



More information about the Speakup mailing list