1. check if HELO is authorized or blocked by SPF
2. if not, check if HELO is authorized or blocked by CSA
3. check if HELO is at least RFC compliant
4. if not, REJECT
5. if HELO is authorized or RFC compliant, send DSN to
postmaster@HELO.domain. If DSN is rejected, REJECT.
6. then send DSN to MAIL FROM. If DSN is rejected, REJECT.
7. if both HELO and MAIL FROM accept DSN complaining about
SPF fail/softfail, accept message.
(DSN success is cached to rate limit sending of DSNs)
What do you all think?

This looks to me like an awful lot of work, for what is essentially the
typical problem with receiving inbound mail from forwarders. The solution
I use is to create a local policy which gives the outbound mailservers of
CompanyB a neutral result (i.e., treat them as any other forwarder used)
should the mail be rejected if 'efax.com' were ever to publish '-all'.
Arjen
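
The local-policy approach described in the reply above, as an added example that is not code from this thread: a receiver-side override that downgrades SPF fail/softfail to neutral when the connecting IP belongs to a known forwarder. The network ranges, the forwarder label and the function names are constructed for illustration.

```python
import ipaddress

# Constructed allowlist: outbound relays of known forwarders (documentation ranges).
FORWARDER_NETS = {
    "companyb-forwarder": ["192.0.2.0/28", "2001:db8:25::/48"],
}

_NETS = [(name, ipaddress.ip_network(cidr))
         for name, cidrs in FORWARDER_NETS.items() for cidr in cidrs]

def forwarder_for(client_ip):
    """Return the forwarder label whose relay range contains client_ip, else None.

    Match on the TCP peer address only: HELO names and headers are
    sender-controlled and must not drive an allowlist decision.
    """
    addr = ipaddress.ip_address(client_ip)
    # An IPv4 client seen on a dual-stack socket arrives as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for name, net in _NETS:
        if addr.version == net.version and addr in net:
            return name
    return None

def apply_local_policy(client_ip, spf_result):
    """Map the raw SPF result to (effective_result, action, reason)."""
    spf_result = spf_result.lower()
    name = forwarder_for(client_ip)
    if name and spf_result in ("fail", "softfail"):
        # Override only the failing results: the connecting IP is the
        # forwarder's, so the original sender's record cannot list it.
        return ("neutral", "accept", f"local policy: forwarder {name}")
    if spf_result == "fail":
        return ("fail", "reject", "SPF fail")
    return (spf_result, "accept", "no override")

if __name__ == "__main__":
    # Constructed sample connections: (peer IP, raw SPF result).
    for ip, res in [("192.0.2.5", "fail"), ("::ffff:192.0.2.5", "softfail"),
                    ("192.0.2.200", "fail"), ("198.51.100.7", "pass")]:
        print(ip, res, "->", apply_local_policy(ip, res))
```

Keeping the ranges narrow matters here, because every address in the allowlist can relay mail that bypasses a published '-all'.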