Mailing List Archive

Domain unknown
Hello,

I have installed SPF (both SPF checking and publishing an SPF record on
my DNS) at home on my small domain and network at home and things are
working fine so far. It does not block a lot of messages yet, but this
is mostly due to the fact that most of the spam I receive is from
domains that do not publish an SPF record.

But, sometimes, I receive spam that comes from a non-existing domain, such
as the one below.

Jun 18 12:17:36 192.168.1.253 postfix/policy-spf[25174]: : SPF unknown:
smtp_comment=Please see
http://spf.pobox.com/why.html?sender=NBYZRHXAUDP%40RND_FROM_DOMAIN&ip=213.22.17.60&receiver=ns1.lepine-lacroix.info:
domain of sender NBYZRHXAUDP@RND_FROM_DOMAIN does not exist,
header_comment=ns1.lepine-lacroix.info: error in processing during
lookup of NBYZRHXAUDP@RND_FROM_DOMAIN

So, my question is: is there a way in SPF checking to actually reject
these messages? In a way, if a domain does not exist, there cannot be an
SPF record for it, and it is almost certain that the sender is not
legitimate! If it cannot be dealt with in SPF, how can I set my system to
just reject it? I am using Postfix 2.0.1 on a RedHat 8.0 system. I
have not modified my Postfix settings, with the exception of doing SPF
checking. I understand that this may not be per se an SPF question,
but any help could be useful!

Jean-Michel Lacroix


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
Re: Domain unknown [ In reply to ]
On Jun 21, 2004, at 6:25 AM, <lacroix@lepine-lacroix.info> wrote:

> But, sometimes, I receive spam that comes from non-existing domain, such
> as the one below. [...]

> domain of sender
> NBYZRHXAUDP@RND_FROM_DOMAIN does not exist,

> So, my question is: is there a way in SPF checking to actually reject
> these messages? [...] I understand that this may not be per se an SPF
> question, but any help could be useful!

You are correct that this is not an SPF question. Since you are using
Postfix, just set reject_unknown_sender_domain in your
smtpd_recipient_restrictions.

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
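
Before turning on reject_unknown_sender_domain, the existing policy-spf log can show how much mail it is likely to affect. The script below is an added example, not part of the original thread: it assumes the log format of the single entry quoted above (unwrapped onto one line), and every sample line except the first is constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Shape of the policy-spf entry quoted in this thread, unwrapped onto one line.
LINE_FMT = ("Jun 18 12:17:36 192.168.1.253 postfix/policy-spf[25174]: : SPF {result}: "
            "smtp_comment=Please see http://spf.pobox.com/why.html?sender={sender}"
            "&ip={ip}&receiver=ns1.lepine-lacroix.info: {reason}")

SAMPLE_LOG = "\n".join([
    # The entry from the thread.
    LINE_FMT.format(result="unknown", sender="NBYZRHXAUDP%40RND_FROM_DOMAIN",
                    ip="213.22.17.60",
                    reason="domain of sender NBYZRHXAUDP@RND_FROM_DOMAIN does not exist"),
    # Constructed entries (documentation addresses and reserved names).
    LINE_FMT.format(result="unknown", sender="x1%40no-such-host.invalid",
                    ip="213.22.17.60",
                    reason="domain of sender x1@no-such-host.invalid does not exist"),
    LINE_FMT.format(result="unknown", sender="promo%40Missing.Example",
                    ip="192.0.2.10",
                    reason="domain of sender promo@Missing.Example does not exist"),
    LINE_FMT.format(result="pass", sender="alice%40example.org", ip="192.0.2.25",
                    reason="example.org designates 192.0.2.25 as permitted sender"),
])

# Sender and client IP are taken from the why.html URL embedded in the entry.
WHY_RE = re.compile(r"why\.html\?sender=([^&\s]+)&ip=([0-9A-Fa-f.:]+)&receiver=")

def unknown_domain_hits(log_text):
    """Return (sender, client_ip) for each policy-spf entry whose sender domain does not exist."""
    hits = []
    for line in log_text.splitlines():
        if "postfix/policy-spf[" not in line or "does not exist" not in line:
            continue
        match = WHY_RE.search(line)
        if match:
            hits.append((unquote(match.group(1)), match.group(2)))
    return hits

def summarize(log_text):
    """Count the hits per sender domain (lower-cased) and per connecting client IP."""
    hits = unknown_domain_hits(log_text)
    by_domain = Counter(sender.rpartition("@")[2].lower() for sender, _ in hits)
    by_ip = Counter(ip for _, ip in hits)
    return by_domain, by_ip

if __name__ == "__main__":
    domains, clients = summarize(SAMPLE_LOG)
    print("sender domains:", domains.most_common())
    print("client IPs:    ", clients.most_common())
```
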

Re: Domain unknown [ In reply to ]
Hi,

This is indeed not an spf problem, you should consult your postfix
manual and/or mailing lists. I don't use postfix myself, so I won't be
able to help you on this.

Koen

On Fri, Jun 18, 2004 at 02:16:05PM -0400, Jean-Michel Lacroix wrote:
> Hello,
>
> I have installed SPF (both SPF checking and publishing an SPF record on
> my DNS) at home on my small domain and network at home and things are
> working fine so far. It does not block a lot of messages yet, but this
> is mostly due to the fact that most of the spam I receive are from
> domains that do not publish a SPF record.
>
> But, sometimes, I receive spam that comes from non-existing domain, such
> as the one below.
>
> Jun 18 12:17:36 192.168.1.253 postfix/policy-spf[25174]: : SPF unknown:
> smtp_comment=Please see
> http://spf.pobox.com/why.html?sender=NBYZRHXAUDP%40RND_FROM_DOMAIN
> <http://spf.pobox.com/why.html?sender=NBYZRHXAUDP%40RND_FROM_DOMAIN&ip=2
> 13.22.17.60&receiver=ns1.lepine-lacroix.info>
> &ip=213.22.17.60&receiver=ns1.lepine-lacroix.info: domain of sender
> NBYZRHXAUDP@RND_FROM_DOMAIN does not exist,
> header_comment=ns1.lepine-lacroix.info: error in processing during
> lookup of NBYZRHXAUDP@RND_FROM_DOMAIN
>
> So, my question is: is there a way in SPF checking to actually reject
> these messages? In a way, if a domain does not exist, there cannot be a
> SPF record for it, and it is almost certain that the sender is not
> legitimate! If it cannot be dealt in SPF, how can I set my system to
> just reject it! I am using Postfix 2.0.1 on a RedHat 8.0 system. I
> have not modified my Postfix settings, with the exception of doing SPF
> checking. I understand that this may not be per se an SPF question,
> but any help could be useful!
>
> Jean-Michel Lacroix, Ph.D.
> Assistant Director
> Adaltis Development, Inc.
> 500 Cartier Blvd. West
> Laval, (Québec) H7V 5B7
> CANADA
>
> Bus : (450) 781-8862 x2501
> FAX : (450) 781-8865
>
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

Re: Domain unknown [ In reply to ]
I also don't use postfix, but I did run across this note:
http://does-not-exist.org/mail-archives/just-mail/msg00003.html
which seems to imply a pretty straightforward line in
/etc/postfix/main.cf
-David

Koen Martens wrote:
| Hi,
|
| This is indeed not an spf problem, you should consult your postfix
| manual and/or mailing lists. I don't use postfix myself, so I won't be
| able to help you on this.
|
| Koen
|
| On Fri, Jun 18, 2004 at 02:16:05PM -0400, Jean-Michel Lacroix wrote:
|
|>Hello,
|>
|>I have installed SPF (both SPF checking and publishing an SPF record on
|>my DNS) at home on my small domain and network at home and things are
|>working fine so far. It does not block a lot of messages yet, but this
|>is mostly due to the fact that most of the spam I receive are from
|>domains that do not publish a SPF record.
|>
|>But, sometimes, I receive spam that comes from non-existing domain, such
|>as the one below.
|>
|>Jun 18 12:17:36 192.168.1.253 postfix/policy-spf[25174]: : SPF unknown:
|>smtp_comment=Please see
|>http://spf.pobox.com/why.html?sender=NBYZRHXAUDP%40RND_FROM_DOMAIN
|><http://spf.pobox.com/why.html?sender=NBYZRHXAUDP%40RND_FROM_DOMAIN&ip=2
|>13.22.17.60&receiver=ns1.lepine-lacroix.info>
|>&ip=213.22.17.60&receiver=ns1.lepine-lacroix.info: domain of sender
|>NBYZRHXAUDP@RND_FROM_DOMAIN does not exist,
|>header_comment=ns1.lepine-lacroix.info: error in processing during
|>lookup of NBYZRHXAUDP@RND_FROM_DOMAIN
|>
|>So, my question is: is there a way in SPF checking to actually reject
|>these messages? In a way, if a domain does not exist, there cannot be a
|>SPF record for it, and it is almost certain that the sender is not
|>legitimate! If it cannot be dealt in SPF, how can I set my system to
|>just reject it! I am using Postfix 2.0.1 on a RedHat 8.0 system. I
|>have not modified my Postfix settings, with the exception of doing SPF
|>checking. I understand that this may not be per se an SPF question,
|>but any help could be useful!
|>
|>Jean-Michel Lacroix, Ph.D.
|>Assistant Director
|>Adaltis Development, Inc.
|>500 Cartier Blvd. West
|>Laval, (Québec) H7V 5B7
|>CANADA
|>
|>Bus : (450) 781-8862 x2501
|>FAX : (450) 781-8865
|>
|>
|>-------
|>Archives at http://archives.listbox.com/spf-help/current/
|>Donate! http://spf.pobox.com/donations.html
|>To unsubscribe, change your address, or temporarily deactivate your subscription,
|>please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
|
|

--
_______________________________________________
GPG (http://www.gnupg.org/) key available from:
http://www.kayakero.net/per/david/