spf-discuss

Re: help testing spf-aware MTA

2004-08-10 09:08:18
Jonathan C. Detert wrote:

        I want to enable my postfix server to do spf queries, but so
        far, I've only been able to ascertain how to enable it to do
        the spf queries, and to reject requests that fail the spf
        query.

I personally do this using libspf2 and the postfix patch that can be found
at http://www.libspf2.org, and I'm quite happy with it.

        This is all good, but I also need to know the following:

        - a log of each request that was failed, including the date,
          sender address, the purported 'mail from' header, and the
          intended recipient.

You'll find this in the Postfix log.

        - how to make postfix send an explanation back to the sender
          of why the email was rejected.

When Postfix rejects a mail with the spf patch, it sends the sender's
domain "custom" SPF explanation (per SPF standard), if any. If not, it
sends the default SPF failed reply, but you can customize the explanation
to send in the Postfix main.cf file, using: spf_explanation = whatever you
want, with possible parameters, such as, in French:

spf_explanation = Violation SPF: Mail de %{s} doit etre transmis depuis
    serveur approuve pour domaine %{o}. Contactez administrateur de %{o} pour
    plus d'info, ou voyez
    http://spf.pobox.com/why.html?sender=%{S}&ip=%{I}&receiver=%{R}

        - ideally, I'd like to send a rejection reply to the sender
          and quarantine the email instead of rejecting it, so that
          I have a full copy of the email to examine in case of
          problems.

Nope. With SPF, you are supposed to reject mail, not to quarantine it,
much less to bounce it back as it is most probably forged.

Checking your logs generally makes it obvious why the message got rejected.

-- 
Michel Bouissou <michel(_at_)bouissou(_dot_)net> OpenPGP ID 0xDDE8AC6E
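
Added example, not part of the original message and not libspf2 or Postfix code: a small expander for the SPF macros used in the spf_explanation value above, following the macro rules of the SPF specification (RFC 7208 section 7) for the letters s, l, o, d, i and r. The function name and the sample sender, IP address and receiver are constructed for illustration; IPv4 is assumed.

```python
import re
from urllib.parse import quote

# Macro syntax from the SPF specification: %{letter[digits][r][delimiters]}
# plus the literals %% (percent), %_ (space) and %- (URL-encoded space).
MACRO = re.compile(r"%(?:\{([A-Za-z])(\d*)(r?)([-.+,/_=]*)\}|([%_-]))")
LITERALS = {"%": "%", "_": " ", "-": "%20"}

# The spf_explanation value from the message above, joined into one line.
TEMPLATE = ("Violation SPF: Mail de %{s} doit etre transmis depuis "
            "serveur approuve pour domaine %{o}. Contactez administrateur "
            "de %{o} pour plus d'info, ou voyez "
            "http://spf.pobox.com/why.html?sender=%{S}&ip=%{I}&receiver=%{R}")


def expand_explanation(template, sender, client_ip, receiver):
    """Expand SPF macros in an explanation string (subset: s l o d i r)."""
    local, _, domain = sender.rpartition("@")
    local = local or "postmaster"  # the spec's default when no local part
    values = {
        "s": f"{local}@{domain}",
        "l": local,
        "o": domain,
        "d": domain,      # assumption: no include/redirect changed the domain
        "i": client_ip,   # assumption: IPv4 (IPv6 uses a dotted-nibble form)
        "r": receiver,
    }

    def substitute(match):
        letter, digits, reverse, delims, literal = match.groups()
        if literal is not None:
            return LITERALS[literal]
        if letter.lower() not in values:
            raise ValueError(f"unsupported macro letter: {letter}")
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter.lower()])
        if reverse:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]  # keep the right-most N labels
        text = ".".join(parts)
        # An uppercase letter means the value is URL-encoded, which keeps the
        # sender-controlled address from altering the query string of the URL.
        return quote(text, safe="") if letter.isupper() else text

    return MACRO.sub(substitute, template)


if __name__ == "__main__":
    print(expand_explanation(TEMPLATE, "bob+tag@example.org", "192.0.2.25", "mx.example.net"))
```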

