OT (again): SA-SPF opinion

Steve Campbell campbell at cnpapers.com
Fri May 27 14:10:07 IST 2005


    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Stephen Swaney wrote:
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>> Behalf Of Ugo Bellavance
>> Sent: Thursday, May 26, 2005 4:23 PM
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: Re: OT (again): SA-SPF opinion
>>
>>>>
>>>> I felt that SA's SPF rules are not very convincing, and I didn't
>>>> feel like playing with the scores, so I implemented spfmilter.  I
>>>> decided to block any message that would have a 'fail' result.
>>>>
>>>> I have written a doc for implementing the milter on FC1, please
>>>> let me know if you want to see it.
>>
>> It'll be on the wiki soon.
>>
>>>
>>>
>>> Ugo,
>>>
>>> Yes, please let me know how to receive the document. Did you also
>>> use some form of SRS also? I understand this is required for
>>> forwarding to a server that checks SPF and hard fails them.
>>
>> I don't think I need SRS since I'm not relaying for anyone.
>>
>
> I believe that SRS, Sender Rewriting Scheme, is only required if you
> are relaying form you SPF hub. A typical example would be an ISP who
> is relaying email from a home pc or a business hub that sends their
> outbound email through the ISP's "smart relay". The ISP in this case
> has to rewrite the header to make it look like the mail was sent From
> the smart relay.

Steve,

Thanks for the reply.

I am guessing you mean that I should have a separate server running the SPF
checks in front of my mail hub, much like an SPF gateway. Unfortunately, I
cannot convince anyone here that I need to not only run SPF in front of the
mail hub, but also need a gateway for MS/SA in front of the hub. At the
current time, my mailboxes are on the same box that MS/SA and, in the
future, SPF, is running.

My confusion is about running multiple domains on the same box, and I guess
that sort of threw me. I have 3 mailservers. All three run MS/SA. One is
inbound/outbound for one domain. Another server is inbound for a second
domain and inbound/outbound for a third domain. Another server is outbound
for the second domain and outbound for all three domain's Webmail. All of
the servers are DNSed on a fourth domain, and , to make matters worse, any
http mail comes out of this domain. I firstly am fighting how my TXT records
should look and secondly how SRS may need to be used due to the 4-domain
scheme.

I don't suppose installing SRS would hurt anything, though.

Thanks for all the info!

Steve

>
> Sounds simple and it is (hopefully ;) for AOL and the larger ISPs but
> there are many many small ISPs and small mailhubs that relay for
> friends and neighbors that will be a long time implementing SRS :(
>
>
> Steve
>
> Steve Swaney
> President
> Fort Systems Ltd.
> Phone: 202 338-1670
> Cell: 202 352-3262
> www.fsl.com
> steve.swaney at fsl.com
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list