2004-12-11 by Ivan F. Martinez
On Sat, 11 Dec 2004 10:26:28 -0000
"egcrosser" <egcrosser@...> wrote:
E>
E>
E> Gentlemen,
E> I'd like to return to the SPF issue.
E>
E> Currently, this filter uses "SPF pass" condition is a reason to
E> *allow* submission.
E>
E> As I demonstrated in one of my previous messages, this is not in line
E> with the concept of SPF, and opens a potential hole for spammers.
E>
E> Still SPF information can be used in a meaningful way: the filter
E> should ignore "SPF pass" (and greylist in a usual way), but honor
E> "SPF fail" and *block* the submission with 5xx code.
E>
E> What do you think?
I like, but :
1. The block must be optional as config option. If administrator wants
the message can be accepted (Actually I use spfmilter for the spf job,
and I don't started to test spf with milter-greylist).
2. We can create a new config parameter greylist_spf, when the sender
domain has SPF records use greylist_spf parameter to define the time to
wait, and when no spf record exist use the standard greylist parameter.
Will be possible to use things like :
greylist_spf 30m
greylist 60m
giving extra bonus to spf enabled domains, but passing it on grey
process to check for the real SMTP and complaint servers.
And maybe create also autowhite_spf.
--