On Thu, 11 Jan 2007, Julian Mehnle wrote:
I forgot to mention that you don't actually need an ESMTP extension to do
that. You just have to go through all domains on your personal "trusted
forwarder" white-list, resolve their SPF records, and see if the sending
IP address is among _any_ of them. You don't even need an "SPF-like"
system -- SPF itself can very well be used for that.
(And of course you don't have to resolve all the SPF records on the fly for
every incoming message. You can cache them.)
Pymilter does exactly the above. The 'trusted_forwarder' config option
is a list of domains which you trust to forward messages. Incoming
IPs are matched against the SPF records for the domains (and it uses
a substitute SPF record that you supply via the 'delegate' option if the
forwarder doesn't have an SPF record.) Unfortunately, it does resolve all
the SPF records on the fly for every incoming message, so the list has
to be real short. Pyspf would like to cache resolved SPF records like
libspf2 does in a future version...
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735