OT, testing spf for incoming mail
Gregory Nowak
greg at romuald.net.eu.org
Wed Mar 16 03:51:59 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi folks,
I've installed postfix-policyd-spf-python, and want to test incoming
mail from a domain using spf, from a unauthorized machine. Everything
I've been able to find on the web tells you how to do the opposite
(test your DNS records). While I'll be getting to that, I want to make
sure the incoming mail part works first before I move on. So, I was
hoping someone could tell me how to test incoming mail first.
When I connected to my machine from a remote box, I tried:
helo www.example.com
mail From:<someone at gmail.com>
rcpt To:<greg at romuald.net.eu.org>
and my server accepts the message. The spf check tags it as
neutral. From what I understand, it should fail, since www.example.com
isn't authorized to send mail for gmail, and I wasn't connecting to my
server from gmail's outbound mail servers (no, I didn't spoof the ip
address). Am I correct on this point, or is my knowledge of spf
seriously messed up?
I've seen a pass result in my mail.log for a domain with spf records,
but I have yet to see a rejected message that wasn't sent where it
should be sent from. In case my config is the problem, I'm pasting my
policyd-spf.conf file below
- --- cut here ---
# For a fully commented sample config file see
policyd-spf.conf.commented
debugLevel = 1
defaultSeedOnly = 1
HELO_reject = SPF_Not_Pass
Mail_From_reject = Fail
PermError_reject = False
TempError_Defer = True
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0//104,::1//128
- --- cut here ---
Thanks in advance for any help.
Greg
- --
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)
- --
Free domains: http://www.eu.org/ or mail dns-manager at EU.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk2AbB8ACgkQ7s9z/XlyUyBtFACfS+Il8NwB+KcUbdRhP+ketVUj
r/sAnRprdj8gT/9C4n0a3wRiaVqP64oX
=iCSQ
-----END PGP SIGNATURE-----
More information about the Speakup
mailing list