Stuart D. Gathman wrote:
You can filter out all those forged bounces and bounced
forgeries by signing your outgoing return path with SRS
or (old style) SES.
On my box it's simpler, everything that's not sent to
nobody@ (plus a few other local parts) is spamcop-ped.
user,domain = parse_addr(self.mailfrom)
if user.lower() in ('postmaster','mailer-daemon'):
self.mailfrom = '<>'
That gives you postmaster(_at_)x(_dot_)example for HELO x.example
and MAIL FROM postmaster(_at_)u(_dot_)example(_dot_)com (?)
I'm lost why you prefer to check x.example instead of
u.example.com - if you already had a FAIL for the HELO,
why do you check the MAIL FROM at all ?
And if you had NONE for a HELO oemcomputer, what's the
idea of replacing @u.example.com by @oemcomputer ?
Is this abuse of the RFCs going too far?
As long as you don't confuse your users with a bogus
Received-SPF:, or the sender with bogus error messages
"mail from postmaster(_at_)x(_dot_)example rejected" when it was
in fact mailer-daemon(_at_)u(_dot_)example(_dot_)com => receiver policy.
Bye, Frank
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com