[K12OSN] OT: just reduced spam by 95% with Free Software

Vince Callaway vince at totalsense.com
Wed Jan 31 16:12:30 UTC 2007


On Mon, 2007-01-29 at 07:23 -0600, Burke Almquist wrote:
> I've been using DNS blacklists for a while, but I've never gotten SPF
> checking set up. How did you set that up?

There are two parts to implementing SPF.  The first is easy and everyone
should do it.  A DNS record tells the world where email from a given
domain should originate from.  You can go to http://www.openspf.org/ for
info on setting it up.  There is a tool to generate the TXT record for
you.

The entry for my domain is simple: "v=spf1 a include:centurytel.net
~all"

Mine shows centurytel.net as the only host mail should originate from.
Since I'm on a dynamic IP my server uses my ISP mailserver as a
smarthost.

Implementing SPF checking is different for every mail system.  Since I'm
using qmailtoaster ( http://www.qmailtoaster.com ) SPF checking was part
of the package.  I have my system set up for a hard reject on SPF
failure.

If inbound mail is relayed through another server SPF will break.  There
is yet another protocol that has to be set up called SRS.  It does a
header rewrite to show the path the mail took to get to you.  That is
now part of qmailtoaster but I've not implemented it on my system yet.
I am acting as a mail filter for a couple of friends who use hosting
services with no filters.  Since their servers don't check anything SRS
has not become an issue yet.

I will tell you that mailing lists break just about every checking
protocol.  SRS would fix some of that if the list servers used it.  I
had to set up a special entry for this list because the list server
software hoses several anti-spam checks.
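
Added example, not part of the original message: a minimal SPF evaluator in Python that runs the record quoted above against constructed DNS data, showing that mail handed off by the listed smarthost passes while the same mail relayed through an unlisted forwarder does not. The domain sender.example, every IP address, and the stand-in record for centurytel.net are assumptions made for the example.

```python
import ipaddress

# Constructed DNS data so the example runs offline. Only the first TXT string
# is quoted from the message; sender.example, every address (documentation
# ranges) and the centurytel.net record are made up, not real DNS answers.
TXT = {
    "sender.example": "v=spf1 a include:centurytel.net ~all",
    "centurytel.net": "v=spf1 ip4:192.0.2.0/24 -all",  # constructed stand-in
}
A = {"sender.example": ["198.51.100.7"]}  # constructed
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, depth=0):
    """Evaluate ip against domain's SPF record (a, ip4, include, all only)."""
    terms = TXT.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    if depth > 10:  # bound include nesting so a record loop cannot recurse forever
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "a":
            matched = ip in A.get(arg or domain, [])
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg)
        elif name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"  # only a pass from the included record matches
        else:
            return "permerror"  # mechanism outside this sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all" term


def delivery_paths():
    """Same message, two routes to the receiver (addresses are constructed)."""
    routes = {"isp smarthost": "192.0.2.25", "third-party forwarder": "203.0.113.9"}
    return {route: check_host(ip, "sender.example") for route, ip in routes.items()}
```

With `-all` in place of `~all` in the sender's record, the forwarded copy would evaluate to fail instead of softfail.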



