--- In milter-greylist@yahoogroups.com, manu@... wrote:
>
> > Unless it was a SPF Record for our own domain. ;) My incoming server
> > gets email from domains that are also authorized to send email from my
> > IP Address.
>
> Well, what's the point of doing a SPF lookup for them? They should be
> whitelisted earlier in the ACL.
>

I require spf pass results for any whitelist IP Address where the expected domain name has a SPF record. Even a whitelisted IP Address can become compromised or an IP Address range might be too broad.

For example, aol.com and cs.com have SPF records:

racl whitelist addr 64.12.136.0/24 spf report "SPF_OK From %f at IP %i - Sender IP whitelisted, not delayed by %V" # AOL - confirmed - jwh
racl whitelist addr 64.12.137.0/24 spf report "SPF_OK From %f at IP %i - Sender IP whitelisted, not delayed by %V" # AOL - confirmed - jwh
racl whitelist addr 64.12.138.0/24 spf report "SPF_OK From %f at IP %i - Sender IP whitelisted, not delayed by %V" # AOL - confirmed - jwh

[snip - of course, there are more aol.com email servers]

Also, juno.com and rr.com have SPF records:

racl whitelist addr 64.136.47.0/24 spf report "SPF_OK From juno.com" # juno.com untd.com[64.136.47.20]
racl whitelist addr 66.27.89.0/24 spf report "SPF_OK From rr.com" # san.res.rr.com [66.27.89.65]

For the whitelist to be used, the envelope sender domain SPF record must match the IP Address.

If the domain does not have a SPF record, like yahoo.com, I don't include the spf requirement:

racl whitelist addr 209.131.38.0/24 # n29b.bullet.sp1.yahoo.com [209.131.38.250] no spf
racl whitelist addr 209.191.68.0/24 # webxxxxx.mail.mud.yahoo.com [209.191.68.150] no spf
racl whitelist addr 216.252.101.0/24 # webxxxxx.mail.mud.yahoo.com [216.252.101.34] no spf
racl whitelist addr 216.252.110.0/24 # webxxxxx.mail.re3.yahoo.com [216.252.110.220] no spf

Jim
Message
Re: Fake/wildcard SPF domain rejection
2007-11-04 by Jim Hermann
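
The rule pattern in the message above, modelled in Python as an added example (not part of the original post and not milter-greylist's own code). It assumes the `spf` clause matches only on an SPF pass, as the message states, and that mail matching no whitelist entry falls through to greylisting; the parser covers only the `racl whitelist addr <cidr> [spf]` subset, and the sample connections are constructed.

```python
import ipaddress
import shlex

# Three rules copied from the message (one report string kept, comments shortened).
RULES = """
racl whitelist addr 64.12.136.0/24 spf   # AOL, publishes SPF
racl whitelist addr 64.136.47.0/24 spf report "SPF_OK From juno.com"  # juno.com
racl whitelist addr 209.131.38.0/24      # yahoo.com, no SPF record
"""

def parse_rules(text):
    """Parse 'racl whitelist addr <cidr> [spf] ...' lines into (network, need_spf)."""
    rules = []
    for line in text.splitlines():
        # comments=True drops trailing '# ...'; quoted report strings stay one token
        tokens = shlex.split(line, comments=True)
        if tokens[:3] != ["racl", "whitelist", "addr"]:
            continue
        rules.append((ipaddress.ip_network(tokens[3]), "spf" in tokens[4:]))
    return rules

def decide(rules, client_ip, spf_result):
    """First matching rule wins; assumed default when nothing matches: greylist."""
    ip = ipaddress.ip_address(client_ip)
    for net, need_spf in rules:
        # An address match alone is not enough when the rule also carries 'spf'.
        if ip in net and (not need_spf or spf_result == "pass"):
            return "whitelist"
    return "greylist"

def demo():
    rules = parse_rules(RULES)
    cases = [  # constructed: (client IP, SPF result for the envelope sender)
        ("64.12.136.10", "pass"),    # in range, sender domain authorises the IP
        ("64.12.136.10", "fail"),    # in range, but envelope sender fails SPF
        ("209.131.38.250", "none"),  # range listed without the spf requirement
        ("192.0.2.7", "pass"),       # SPF pass alone does not whitelist
    ]
    return [decide(rules, ip, spf) for ip, spf in cases]

if __name__ == "__main__":
    print(demo())
```

The second case is the one the message is about: a host inside a whitelisted range sending with an envelope domain that does not authorise it is not whitelisted.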