Dear All,<br><br>As per Alex, let me try smf-spf. <br><br>Thank you,<br><br><div class="gmail_quote">On Thu, Sep 9, 2010 at 8:40 PM, Steve Freegard <span dir="ltr"><<a href="mailto:steve.freegard@fsl.com">steve.freegard@fsl.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">On 09/09/10 10:24, Glenn Steen wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
You might have DKIM and SPF in SpamAssassin; but these are totally useless<br>
unless the domain you are having this problem with (e.g. <a href="http://123l.com" target="_blank">123l.com</a>) actually<br>
publishes or uses them...<br>
<br>
smf@smf-laptop:~$ host -t TXT <a href="http://123l.com" target="_blank">123l.com</a><br>
<a href="http://123l.com" target="_blank">123l.com</a> has no TXT record<br>
<br>
Same with smf-spf or milter-spiff; they'll only fix this problem if a policy<br>
is published for the domain in question (ideally a '-all' hard fail).<br>
<br>
Regards,<br>
Steve.<br>
</blockquote>
I'm a bit rusty on the rendmaul...Oops, sendmail ... side of things,<br>
but couldn't one do pretty much the same as I do in PF? That is, use<br>
an access-like map to disallow ones own (or customers) domain(s) as<br>
(envelope) senders? The loss for any typical smaller business would be<br>
greeting card stes etc, so shouldn't matter much.<br>
Sure, SPF with correct DNS record(s) would perhaps be easier, but ...<br>
sometimes it is easier to futz with ones MTA than with a (possibly<br>
externally managed) DNS:-).<br>
</blockquote>
<br></div>
No reason why you couldn't add something like:<br>
<br>
from:<a href="http://mydomain.com" target="_blank">mydomain.com</a> REJECT<br></blockquote><div><br> <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
But there be dragons here if you use the box for anything other than inbound mail e.g. SMTP AUTH, smart host or if you have a secondary MX. I've never tried it - but I suspect that you can mitigate some of that using 'connect:ip.ip.ip.ip OK'.<br>
<br>
Cheers,<br><font color="#888888">
Steve.</font><div><div></div><div class="h5"><br>
-- <br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website! </div></div></blockquote></div><br><br clear="all"><br>-- <br>Kind regards,<br>Dhaval Soni<br>Red Hat Certified Architect<br>ID: 804 007 900 325 939<br><br>
M: +91-9662029620<br>