[nycbug-talk] [Fwd: Kaminsky redux - libspf2 dns parsing bug]

Max Gribov max at neuropunks.org
Fri Oct 24 14:11:26 EDT 2008

Andy Kosela wrote:
> On the contrary I use it because it blocks quite a bit of our SPAM
> traffic. I know SPF is flawed from the very beginning but I had to
you're right, i take back what ive said about spf:
[last 24 hours]
[root at finn /home/max]# grep -i spf /var/log/maillog|grep REJECT|wc -l

for some reason i had spf turned off in postfix, this thread made me 
check, and sure enough, im an imbecile : )

> turn off greylisting just because it was generating too many blocked
> messages (not all mail servers out there are intelligent enough to
> handle it properly).
> Oct 23 01:59:35 aegis postfix/policy-spf[67264]: : SPF fail:
> smtp_comment=Please see
> http://www.openspf.org/why.html?sender=x%x&ip=x.x.x.x&receiver=x,
> header_comment=x: domain of x does not designate x.x.x.x as permitted
> sender

More information about the talk mailing list