[opendmarc-users] opendmarc & smf-spf
Scott Kitterman
sklist at kitterman.com
Mon Nov 30 06:43:20 PST 2015
On Monday, November 30, 2015 12:55:52 PM Benny Pedersen wrote:
> Django [BOfH] skrev den 2015-11-30 11:52:
> > a few month agoe I build both packages opendmarc and smf-spf. smf-spf's
> > projectpage at sourgeforge seem broken.
>
> +1
>
> > How good is opendmarc's own spf-implementation? Is it robust enough for
> > production.use? Or exists a nother milter for spf review?
>
> dont use it
>
> libspf2 is depricated with sender-id, so you get false spf pass and
> fails for sender-id domains
>
> use pypolicyd-spf, configure it to add AR headers, and since
> check-policy-servive in postfix is called before smtpd_milters in
> postfix it works
>
> for spamasssassin call pypolicyd-spf with the default headers
> (recieved-spf)
First, Sender-ID is dead. Even Microsoft admits this.
Second, there are two ways to get internal SPF checking in Opendmarc. One is
its internal implementation and the other is with libspf2. As far as I can
tell, the internal implementation is incomplete and I don't recommend it, but
fundamentally there's nothing wrong with libspf2. It hasn't been updated for
RFC 7208, but the differences are not major.
Pypolicyd-spf has been updated for RFC 7208, so using it to produce header
fields for opendmarc to consume is a good way to go for postfix users, but it's
not the only reasonable way to do it.
Scott K
More information about the opendmarc-users
mailing list