OT (again): SA-SPF opinion

Thu May 26 21:48:29 IST 2005

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I use the SPF facility in SA and find it works pretty well. I simply made
its score 100 on a hard fail in the local.cf file and all is good,
Actually I'm not a big believer in soft fails so they have a pretty big
score as well.

I have found one thing (I monitor my SPF catches fairly closely) and that
is that you shouldn't block based on the HELO and SPF. Many of these are
FP. IBM and a number of other places I have seen hard fail the HELO SPF,
but not the FROM SPF.

Steve Campbell wrote:

 Ugo Bellavance wrote:

 Steve Campbell wrote:

 I'm thinking about catching up and implementing SPF. I find that I
must use SRS also. Although it doesn't look that difficult to put in
place, other than deciding what my TXT records should say, I'm
wondering about one aspect of this all.

 Setting SPF DNS records is definitely worth the effort.  The more
people will have SPF records, the better the results will be on our
spam filters.

 Does the SPF facility in SA mimic what sendmail would perform using
spfmilter on the receipt end of things? Can anyone offer an idea of
what might be a good solution to all of this and what they might be
using with a sendmail 8.12 box? There seems to be a very limited set
of tools to use for all of this.

 I felt that SA's SPF rules are not very convincing, and I didn't feel
like playing with the scores, so I implemented spfmilter.  I decided
to block any message that would have a 'fail' result.

I have written a doc for implementing the milter on FC1, please let me
know if you want to see it.

 Ugo,

Yes, please let me know how to receive the document. Did you also use some
form of SRS also? I understand this is required for forwarding to a server
that checks SPF and hard fails them.

 I have a low-volume server, but about 3% of incoming mail are blocked
at the MTA level by this milter.

 I couldn't find much else to use but this particular milter and a few Perl
things. If SPF is starting to take off, I guess I'd better get on the ball.

Thanks loads,

Steve

 Regards,

Ugo

 Thanks

Steve Campbell
campbell at cnpapers.com
Charleston Newspapers

 ------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

 ------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

--

________________________________________________________________________________
[IMAGE]Dennis Willson
taz at taz-mania.com
taz at scubatech.org

www.taz-mania.com

Ham: KA6LSW
GMRS: WPSJ953
SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer,
Equip, Altitude

Life should not be a journey to the grave with the intention of arriving
safely in a nice looking and well preserved body, but rather to skid in
broadside, thoroughly used up, totally worn out, and loudly proclaiming,
"WOW! WHAT A RIDE!"

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2.2, Image/GIF  866bytes. ]
    [ Unable to print this part. ]