Neil Harkins wrote:
> Hi. I used fetchmail for a few projects over the past 10 years,
> and was curious how it deals with SPF (Sender Policy Framework,
> http://spf.pobox.com).

Some links I collected when considering whether to use SPF on my mail
server:
http://homepages.tesco.net./~J.deBoynePollard/FGA/smtp-spf-is-harmful.html
http://bradknowles.typepad.com/considered_harmful/2004/05/spf.html
http://david.woodhou.se/why-not-spf.html

I decided not to enforce SPF.
I'm sure Matthias also has thoughts on the topic.

> If fetchmail retrieves a remote message, then resubmits it locally
> on port 25 with the original sender on the envelope, those messages
> would be blocked if the local server is enforcing SPF, because the
> local machine's ip isn't listed as a valid sender for the domain
> which originally sent the mail. :(

That's what you asked for if you enforce SPF.

> I see in the fetchmail 5.0 feature list that:
> * Fetchmail can be told to fall back to delivering
>   via local sendmail if it can't open port 25.
> Is there any way to make that the primary behavior
> instead of just a "fall-back"?

I think you're looking for the mda option (which wasn't intended for this
purpose), though I'm not sure that'll solve your SPF problem.

> Anyway, any thoughts on the matter would be greatly appreciated!

Thoughts? If you use SPF at all, use it as a small part of a scoring
system like SpamAssassin, which along with the scoring can also be told
which hosts are trusted and can look at Received headers rather than just
the current SMTP transaction.
SPF failure alone should not make a message be rejected.

--
==============================| "A microscope locked in on one point
 Rob Funk <rfunk(_at_)funknet(_dot_)net> |  Never sees what kind of room that it's in"
 http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind"
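
The failure described in this message, and the scoring approach suggested in the reply, as an added example that is not part of the original post and is not fetchmail or SpamAssassin code. The domain names, addresses, Received lines and score weight are constructed, and the evaluator handles only the ip4/ip6/all mechanisms (no DNS lookups).

```python
import ipaddress
import re

# All names, addresses and the score weight below are constructed for illustration.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"  # published by sender.example
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "198.51.100.7/32")]
RECEIVED = [  # newest first, as seen after fetchmail re-injects on port 25
    "from localhost (localhost [127.0.0.1]) by mail.home.example with ESMTP",
    "from pop.isp.example [198.51.100.7] by localhost with POP3 (fetchmail)",
    "from out.sender.example (out.sender.example [192.0.2.25]) by pop.isp.example with ESMTP",
]
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(record, ip):
    """Evaluate only the ip4/ip6/all mechanisms of an SPF record (no DNS lookups)."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIER else ("+", term)
        name, _, value = mech.partition(":")
        if name == "all":
            return QUALIFIER[qual]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIER[qual]
    return "neutral"  # nothing matched


def boundary_relay(received, trusted):
    """Return the first relay IP, newest header first, outside the trusted networks."""
    for line in received:
        m = re.search(r"\[([0-9A-Fa-f:.]+)\]", line)
        if m and not any(ipaddress.ip_address(m.group(1)) in net for net in trusted):
            return m.group(1)
    return None


def spf_points(record, received, trusted, weight=2.5):
    """Score SPF at the trust boundary instead of rejecting on the SMTP peer address."""
    relay = boundary_relay(received, trusted)
    result = spf_check(record, relay) if relay else "none"
    return relay, result, weight if result in ("fail", "softfail") else 0.0


if __name__ == "__main__":
    print("SMTP peer 127.0.0.1:", spf_check(SPF_RECORD, "127.0.0.1"))
    print("trust boundary:", spf_points(SPF_RECORD, RECEIVED, TRUSTED))
```

Checking the SMTP peer (127.0.0.1) gives a fail for a legitimate message, while checking the relay recorded by the trusted ISP host gives a pass and adds no points.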