Configure Sendmail to require valid SPF checks before accepting/relaying mail


Well, there are spfmilter and milter-spiff, just to name two. And milter-spiff's documentation is far from sparse. We've been using it for many years now without any problems.


Author: Doug Luxem

Updated on September 18, 2022

Comments

  • Doug Luxem
    Doug Luxem almost 2 years

    We have an inbound email service that is very restrictive on who is allowed to send through our Sendmail gateways. The restrictions are generally controlled through the access file by marking certain servers, IPs or networks as OK -- everything else is rejected.

    This method becomes difficult to control when customers are using hosted solutions like Google Apps or Office 365, where mail could come from any number of servers or networks.

    In order to get around that, what I would like to add as a feature are SPF checks on certain sender domains. If their domain passes SPF, then they are allowed to send to us; otherwise the message will be rejected.

    It seems there are a few milters out there to handle SPF, but documentation is sparse.

    So the question...

    What options do I have for SPF filtering in Sendmail which can be limited to certain sender domains?

    • joeqwerty
      joeqwerty over 12 years
      Why are they sending THROUGH your servers?
    • adamo
      adamo over 12 years
      @symcbean: I think he's asking what SPF milter should he go and try.
    • adamo
      adamo over 12 years
      @joeqwerty: I think he refers to the ability provided from certain mail providers to send mail as a user from another domain. If his domain is example.com, then their servers will see incoming mail say from Gmail that claims to be from a [email protected]. They do not seem to allow that.
    • Philip
      Philip over 12 years
      @joeqwerty I'm pretty sure he's receiving e-mail and just wants to eliminate almost all SPAM by only allowing e-mail that passes SPF. I've considered this myself as most reputable domains publish SPF these days.
    • adamo
      adamo over 12 years
      @Chris S: TTBOMK all mail from Gmail comes from *.google.com servers, so he can use the Connect: keyword in the access database.
    • Doug Luxem
      Doug Luxem over 12 years
      @joeqwerty - These are front-end MTAs for another system which does further automated processing on emails. So yes, they are sent through (e.g. relayed to internal domains).
    • Doug Luxem
      Doug Luxem over 12 years
      @ChrisS, although Connect works for Google, it doesn't for many other hosted mail services. Also, using Connect, I can't limit certain sender domains through Google - I have to open it up to all of their customers. Not a huge problem, but not ideal.
    • MadHatter
      MadHatter over 10 years
      Why, having inbound SPF check functionality, would you not want to apply it to all sent emails? You seem to be making your usage case much more difficult by adding that restriction, and it makes no sense: the only disadvantage to checking SPF on all inbound mail is the time required to set SPF checking up, and you're proposing to do that anyway.
  • Philip
    Philip over 12 years
    So some of the relevant configuration files/example/documentation would be???
  • adamo
    adamo over 12 years
    The documentation page for milter-spiff is here. You can run "milter-spiff -help" and it will output a very well commented configuration file which you can save, edit and use afterwards.
  • Doug Luxem
    Doug Luxem over 12 years
    milter-spiff seems to be what I need. I will need to spend some time testing.
  • Doug Luxem
    Doug Luxem over 12 years
    It appears that both of these only do blanket SPF filtering, and I cannot limit the checks to certain sender domains.
  • adamo
    adamo over 12 years
    Then you can install MIMEDefang along with Mail::SPF::Query and write your own custom sets within the filter_recipient routine.
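
A sketch of the MIMEDefang approach from the last comment, as an added example that is not from the thread or from either project: SPF is enforced only for listed sender domains, and every other sender is passed on to whatever other rules apply. The domain list, the helper names `spf_lookup` and `spf_policy`, and the sample addresses are assumptions made for illustration.

```perl
use strict;
use warnings;

# Assumption: placeholder sender domains that must pass SPF to be accepted.
my %SPF_REQUIRED = map { $_ => 1 } qw(customer-a.example customer-b.example);

# Real lookup via Mail::SPF::Query, loaded lazily so the policy below can be
# exercised without the module or DNS.
sub spf_lookup {
    my ($ip, $sender, $helo) = @_;
    require Mail::SPF::Query;
    my $query = Mail::SPF::Query->new(ip => $ip, sender => $sender, helo => $helo);
    my ($result) = $query->result();   # pass, fail, softfail, neutral, none, error, unknown
    return $result;
}

# Returns a MIMEDefang (code, message) pair for one envelope sender.
sub spf_policy {
    my ($sender, $ip, $helo, $lookup) = @_;
    $lookup ||= \&spf_lookup;
    (my $addr = lc($sender // '')) =~ s/^<|>$//g;   # MIMEDefang passes "<user@dom>"
    my ($domain) = $addr =~ /\@([^\@]+)$/;
    # Null sender or a domain outside the list: leave it to the other rules.
    return ('CONTINUE', 'ok') unless defined $domain && $SPF_REQUIRED{$domain};
    my $result = $lookup->($ip, $addr, $helo) // 'none';
    return ('CONTINUE', 'ok') if $result eq 'pass';
    # DNS trouble is temporary: defer instead of rejecting a legitimate sender.
    return ('TEMPFAIL', "SPF lookup error for $domain") if $result =~ /^error/;
    return ('REJECT', "SPF check for $domain returned $result");
}

# MIMEDefang callback; recipient checks must be enabled (mimedefang -t).
sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo) = @_;
    return spf_policy($sender, $ip, $helo);
}

# Constructed self-check with a stubbed lookup; runs only when this file is
# executed directly, not when MIMEDefang loads it.
unless (caller) {
    my $stub = sub { $_[1] =~ /\@customer-a\.example$/ ? 'pass' : 'fail' };
    for my $s ('<bob@customer-a.example>', '<eve@customer-b.example>', '<x@other.example>', '<>') {
        my ($code, $msg) = spf_policy($s, '192.0.2.10', 'mx.example', $stub);
        print "$s => $code ($msg)\n";
    }
}

1;
```

Treating softfail, neutral and none as rejections for the listed domains is a policy choice of this sketch; relax it in `spf_policy` if a listed domain publishes a `~all` record.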