[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: smtpserver bind() query and logfile problems

To: zmailer@nic.funet.fi
Subject: Re: smtpserver bind() query and logfile problems
From: "Darryl L. Miles" <darryl@netbauds.net>
Date: Thu, 27 Jan 2005 10:46:50 +0000
In-Reply-To: <41F79C64.6040009@rol.ru>
Original-Recipient: rfc822;zmailer-log@nic.funet.fi
References: <41F6896A.2000900@netbauds.net> <20050126044957.B19956@nic.funet.fi> <41F760E4.9050402@netbauds.net> <20050126144014.C19956@nic.funet.fi> <41F79C64.6040009@rol.ru>
Sender: zmailer-owner@nic.funet.fi
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8a4) Gecko/20040927

Eugene Crosser wrote:

> As to the duplicate block, I did not notice when it appeared.  Maybe 
> better remove redundant elements...
>
> As to the local whitelist, I *think* that it where localpolicy comes 
> into play, but I never got deep enough to understand how it works.  
> Igor added support for localpolicy, so presumably he can answer this one.
>
> Eugene

Thanks for the pointer.

After I worked out that for SPF to work it needs the "spf +" added to 
BOTH the _default_addr and _default_ipaddr policy rules it started 
working :).

I then configured:

PARAM spf-localpolicy           "-exists:%{o}.fail.spf.mail.mydomain.com 
~exists:%{o}.softfail.spf.mail.mydomain.com"

I then setup two dynamic DNS domains with Bind 9 for those domains.  
Then to force a specific domain to fail (if my local policy is called 
up) I created a record:

faildomain.com.fail.spf.mail.mydomain.com. IN A 127.0.0.2

This isn't exactly what I wanted, but its close enough for now.  Where 
I'm trying to head is that if an SPF result is softfail I could promote 
it to 'fail' for a specific set of domains.   This in effect speeds up 
their roll out period, by moving from the tranational state ~all to the 
operational state of -all.  I'm using this method to block most webmail 
services as the only reason I can see them staying in the transitional 
state is so that they can be seen to be participating in SPF and not 
upset their userbase if they are using their addresses in other ways 
directly on the net.  Their main aim as a business is to keep as many 
customers as possible, not to cut down SPAM.

Apparently localpolicy allows you to override the trailing default 
action, -all, ~all, ?all, +all, etc... that is advertised in the TXT 
resource record you are checking.

The most useful resources have been 
http://spf.pobox.com/mechanisms.html, http://spf.pobox.com/macros.html 
and API ref http://www.libspf2.org/docs/api.html#SPF_compile_local_policy .

-- 
Darryl L. Miles
M: 07968 320 114

-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi

References:
- smtpserver bind() query and logfile problems
  - From: "Darryl L. Miles" <darryl@netbauds.net>
- Re: smtpserver bind() query and logfile problems
  - From: Matti Aarnio <mea@nic.funet.fi>
- Re: smtpserver bind() query and logfile problems
  - From: "Darryl L. Miles" <darryl@netbauds.net>
- Re: smtpserver bind() query and logfile problems
  - From: Matti Aarnio <mea@nic.funet.fi>
- Re: smtpserver bind() query and logfile problems
  - From: Eugene Crosser <crosser@rol.ru>

Prev by Date: Re: smtpserver bind() query and logfile problems
Next by Date: "vacation" undocumented feature
Prev by thread: Re: smtpserver bind() query and logfile problems
Next by thread: To: field continuation...
Index(es):
- Date
- Thread