NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: postfix for 2 domains on 1 vps 1 ip
On Fri, Jan 01, 2021 at 04:50:16PM -0700, Bob Proulx wrote:
SPF identifies authorized IP addresses for domains in the message
envelope. Therefore the reverse DNS pointer record does not matter in
this. The hostname does not matter. Only the IP address as indicated
through a DNS response. This is an anti-forgery protection. This has
been a defacto standard requirement for all SMTP host sites for some
years now. Must have valid SPF records. However I do know of small
low activity sites that still do not implement this and squeeze by
depending upon the nebulous value of the sending host's "IP reputation
score".
https://en.wikipedia.org/wiki/Sender_Policy_Framework
(...)
Reverse DNS is the oldest validation that checks that a sending host
identifies its own FQDN, which is looked up to an IP address with
normal forward DNS, which is then looked up to a FQDN with reverse
DNS, which must match the original name. This is done under the idea
that valid SMTP sites are using static IP address assignments and have
control of their DNS. Since spammer sites most often did not have a
static IP assignment and did not have control of their DNS. This is
an anti-forgery protection. These assumptions have been called into
question in recent years.
https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS
Thanks for the very good summary!
IIUC, it is possible to implement Reverse DNS validation with
postfix tools in base system with some Postfix option (I've seen
that, but I don't recall the exact postfix setting)
But, in order to implement SPF checking, it is necessary a third-party
program such as mail/py-policyd-spf or mail/libspf2, right?
Home |
Main Index |
Thread Index |
Old Index