Scott wrote:
There are two cases that currently are returned as unknown that I'd like
to either publish a policy either as part of my record, or just straight
to the dns for my mailserver, to authoritatively accept messages that
come in on the 127.x interface, that one should be easy.
Section 4.3 of the specification says:
When the <sending-host> is localhost, Designated Sender mechanisms
are not meaningful. Therefore, an SPF client immediately returns
"pass" without evaluating mechanisms.
Similarly if then IP address is 127.0.0.0/8, the result should also be
"pass".
For the other case, a remote machine announcing itself with a helo of my
ip address, I definitely do not want to accept email from.
If a client says HELO with your IP address, then it is definitely spam and
you may reply the HELO with a 5xx response and disconnect.
Roger