On Sat, 11 Dec 2004, Greg Connor wrote:
> 3. For the case where you really need a different policy for both, there is
> a workaround: specify a -all policy only when the username is "postmaster"
> and a ~all for all other usernames.
When checking HELO, SOFTFAIL and NEUTRAL should be treated like FAIL.
There is no question of mobile users not using SMTP AUTH and the like - this
is supposed to be the actual mail server. Only PASS (or TEMPFAIL) should be
accepted when checking HELO. Even when the MTA has a HELO name that is the
same as the MAIL FROM domain (which I don't think is a good idea), and the MAIL
FROM SPF record has ?all or ~all, it still works to prevent HELO forgery.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
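
The HELO rule from the reply above, as an added example that is not part of the original message: a simplified SPF evaluator (only `ip4:` and `all` mechanisms, no DNS) applied to a constructed record ending in `~all`. The function names, the sample record and addresses, and the lenient MAIL FROM verdict are assumptions made for illustration.

```python
import ipaddress

# SPF qualifier -> result name, using the result names from the message above.
QUALIFIERS = {"+": "PASS", "-": "FAIL", "~": "SOFTFAIL", "?": "NEUTRAL"}

def evaluate(record, client_ip):
    """Evaluate a simplified SPF record (ip4: and all mechanisms only)."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:           # skip the "v=spf1" version tag
        qualifier = "+"                       # default qualifier is PASS
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "NEUTRAL"                          # no mechanism matched

def helo_verdict(result):
    """HELO identity: only PASS (or TEMPFAIL) is accepted."""
    return "accept" if result in ("PASS", "TEMPFAIL") else "reject"

def mailfrom_verdict(result):
    """MAIL FROM identity (assumed lenient policy): only FAIL is rejected."""
    return "reject" if result == "FAIL" else "accept"

# Constructed sample: the HELO name and the MAIL FROM domain share one record
# that ends in ~all; the addresses come from documentation ranges.
RECORD = "v=spf1 ip4:192.0.2.0/24 ~all"
CASES = [("192.0.2.10", "real MTA"), ("203.0.113.7", "forged HELO")]

def run():
    """Return (label, SPF result, HELO verdict, MAIL FROM verdict) per case."""
    rows = []
    for ip, label in CASES:
        result = evaluate(RECORD, ip)
        rows.append((label, result, helo_verdict(result), mailfrom_verdict(result)))
    return rows

if __name__ == "__main__":
    for row in run():
        print("%-12s %-9s HELO=%-7s MAILFROM=%s" % row)
```

The same SOFTFAIL that lets a message through on the MAIL FROM check is a rejection on the HELO check, which is why a `~all` or `?all` record still blocks HELO forgery under this rule.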