[milters] Archive

Lists Index Date Thread Search

Article: 1838
From: Jim Hermann
Date: 2008-03-01 11:40:50 -0500
Subject: Re: rejecting mail on invalid HELO with milter-spiff

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

> -----Original Message-----
> Sent: Saturday, March 01, 2008 05:26 AM
> To: milters@milter.info
> Subject: [milters] rejecting mail on invalid HELO with milter-spiff
>
> Using milter-spiff, is it common to reject mail when the SPF record
> fails for the HELO command?  For example:
>
>     helo-policy=3Dsoftfail-tag,fail-reject
>
> I've been using this for a while and have not had many problem, the
> ones I have had were sites with badly configured spf records (who
> corrected them).  I'm just curious if a lot of other folks reject mail
> based on the HELO?

No.  There are too many situations where milter-spiff reports FAIL when the=
 email actually passes SPF.  Specifically, milter-spiff does not handle tru=
ncated DNS lookups and SPF records that are more than 10 lookups deep.  Her=
e is my /etc/mail/access file:

# Common SPF Failures
milter-spiff-From:houstontech.org       OK
milter-spiff-From:capitalone@email.capitalone.com       OK
milter-spiff-From:efloristmktcom.com    OK
milter-spiff-From:holiday-bounces@lists.dpwt.com        OK
milter-spiff-From:info@evite.com        OK
milter-spiff-From:BarnesandNobleEmail@email.bn.com      OK
# truncated DNS lookups for SPF
milter-spiff-From:citibank.com          OK
milter-spiff-From:citicards.com         OK
milter-spiff-From:mailfromftd.com       OK

Jim


Lists Index Date Thread Search