| That was my idea too. I have no problem with bad HELO strings from
| misconfigured senders, but I have a problem when someone forges my domain
| in a HELO string. So if someone says "HELO mail.baschny.de", and I have
|
| mail.baschny.de. IN TXT "v=spf1 -all"
|
| this would mean "this host NEVER sends emails", so it should be rejected.

I don't agree with that. We are talking about "senders" as the mail
from. My interpretation of that record says that no mail should ever be
acceptable with an envelope sender @mail.baschny.de. If your machine
wants to send mail (from a cron job throwing an error), it should be
allowed to do so -- it just needs to make sure the envelope sender is
not @mail.baschny.de.

My understanding was that SPF allows you to determine which hosts are
permitted to send mail with envelopes like @domaininquestion.com. The
above argument says that SPF allows a host to dictate that. It's
backwards.

Specifically my email address is not @mail.omniti.com -- so, it would
be reasonable to add a: mail.omniti.com IN TXT "v=spf1 -all" record. As
no legitimate mail should have an envelope sender with the domain
@mail.omniti.com. But my mail server damn well better be able to send
mail, and it should be able to use mail.omniti.com as its EHLO
argument...

--
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// Postal Engine -- http://www.postalengine.com/
// Ecelerity: fastest MTA on earth
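
The two readings debated in this message, as an added example that is not part of the original post: a cut-down SPF evaluator (only the `ip4` and `all` mechanisms) run against each identity a receiver could check. The omniti.com record, the 192.0.2.10 address and the envelope addresses are constructed; only the mail.omniti.com record comes from the message.

```python
import ipaddress

# Constructed zone data: the mail.omniti.com record is the one proposed in the
# message; the omniti.com record and the 192.0.2.10 address are made up.
TXT = {
    "omniti.com": "v=spf1 ip4:192.0.2.10 -all",
    "mail.omniti.com": "v=spf1 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain):
    """Evaluate the ip4 and all mechanisms of domain's SPF record for ip."""
    record = TXT.get(domain)
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term.lstrip("+-~?")
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism.startswith("ip4:"):
            net = ipaddress.ip_network(mechanism[4:], strict=False)
            if ipaddress.ip_address(ip) in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def evaluate(ip, helo, mail_from):
    """Return the SPF result for each identity a receiver could check."""
    sender_domain = mail_from.rsplit("@", 1)[1]
    return {
        "mail_from": check_host(ip, sender_domain),
        "helo": check_host(ip, helo),
    }

# Mail server greeting with its own name, envelope sender in the parent domain.
normal = evaluate("192.0.2.10", "mail.omniti.com", "user@omniti.com")
# Cron job on the same host using the host name as the envelope sender domain.
cron = evaluate("192.0.2.10", "mail.omniti.com", "root@mail.omniti.com")

if __name__ == "__main__":
    print("normal:", normal)
    print("cron:  ", cron)
```

A receiver that evaluates only the MAIL FROM identity accepts the first session; one that also evaluates the HELO name rejects both.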