You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by ha...@t-online.de on 2006/01/10 09:21:22 UTC
Re: dealing with SPF and external authenticated users
>> >
>> > What would be the correct way of dealing with this situation ? As a
>> > workaround I have used whitelist_from_rvc *@mydomain.com, which seems to
>> > be a great workaround, because I have rules in postfix that do not allow
>> > external users that do NOT authenticate to send messages with my own
>> > domain, not even to my local users.
>>
>> There's nothing wrong with that solution since you have Postfix setup to
>> refuse mail to local address from un-auth'd users.
>>
>>
I implemented a similar setup a while ago, and it turned out that some legit (although
suspiciously looking) mails from ebay were blocked.
I had to whitelist ebay there..
This particular user is no longer there, so I dont know whether ebay have revised these
mails since
Wolfgang Hamann
Re: dealing with SPF and external authenticated users
Posted by le...@solutti.com.br.
Citando Brian Godette <bg...@idcomm.com>:
>
> AFAIK ebay, paypal, and quickbooks all (can) send mail on behalf of a
> user
> using their (real) email address, and is one of the gotchas of SPF. My
> solution was to include ebay/paypal's SPF records in our own on the
> assumption that they're unlikely to joe-job.
>
So far so good. I have not seen or heard a single complain of a real-case
mail (not spam) that uses my domain as source address.
And I think, with people starting to use SPF, that this kind of action will
stop happening. I mean, people from ebay/paypal/something will start
sending with their own sender address and not somebody else domain.
Sincerily,
Leonardo Rodrigues
Re: dealing with SPF and external authenticated users
Posted by Brian Godette <bg...@idcomm.com>.
On Tuesday 10 January 2006 01:21 am, hamann.w@t-online.de wrote:
> >> > What would be the correct way of dealing with this situation ? As a
> >> > workaround I have used whitelist_from_rvc *@mydomain.com, which seems
> >> > to be a great workaround, because I have rules in postfix that do not
> >> > allow external users that do NOT authenticate to send messages with my
> >> > own domain, not even to my local users.
> >>
> >> There's nothing wrong with that solution since you have Postfix setup to
> >> refuse mail to local address from un-auth'd users.
>
> I implemented a similar setup a while ago, and it turned out that some
> legit (although suspiciously looking) mails from ebay were blocked.
> I had to whitelist ebay there..
> This particular user is no longer there, so I dont know whether ebay have
> revised these mails since
>
> Wolfgang Hamann
AFAIK ebay, paypal, and quickbooks all (can) send mail on behalf of a user
using their (real) email address, and is one of the gotchas of SPF. My
solution was to include ebay/paypal's SPF records in our own on the
assumption that they're unlikely to joe-job.