efa-project.org

Following other threads on the internet, it seems a good idea to me to skip the greylist filter in case of a positive SPF check on the sending mailserver. By now, i see many IP's in the "waiting greylist" with the same FROM: and TO: address but many different sender IP's.

Regards, Heronimus

no no no!

if spf fail for him we want him to be on the blacklist not the grey..
if it fail by spf he is trying to spoof some domain address so we want him out, period.

what you mean is that if he passes spf.. well, then why greylisting? he is the good guy.

should be like this,
spf pass - don't grey list, let him pass..
spf fail (-all) - reject at the protocol - he is not welcome at all.
any other result - softfail, natural permerror, etc - greylist.

I have write some script that I implemented in my system with sqlgrey,
will post it tomorrow and let you know,

Zohman.

zohman wrote:what you mean is that if he passes spf.. well, then why greylisting? he is the good guy.

should be like this,
spf pass - don't grey list, let him pass..
spf fail (-all) - reject at the protocol - he is not welcome at all.
any other result - softfail, natural permerror, etc - greylist.

That's exactly what i mean. By doing it in this way, we have less complaints about delays in mail delivery (and an appropriate advice for those companies which still aren't using SPF records).

I look forward to your action. Thanks in advance.

heronimus wrote:

zohman wrote:what you mean is that if he passes spf.. well, then why greylisting? he is the good guy.

should be like this,
spf pass - don't grey list, let him pass..
spf fail (-all) - reject at the protocol - he is not welcome at all.
any other result - softfail, natural permerror, etc - greylist.

I look forward to your action. Thanks in advance.

viewtopic.php?f=14&t=1240