pypolicyd-spf

Whitelist HELO domains

Asked by John

Hi All -
  I apologize up front if this question seems too trivial for the developer group. I've searched the internet and can't seem to find an elegant solution here.

Is there any way to whitelist HELO domains? I have been whitelisting IP addresses for some time to protect upstream forwarding MTA's and Backup MX servers from getting rejected upon SPF failures. I prefer to blanket reject on SPF failure rather than passing the message on to the spam filter, except in the case of forwarded mail.

I have RTFM'd a few times but maybe this functionality just doesn't exist? Thanks for any help you can offer.

Question information

Language:
English Edit question
Status:
Answered
For:
pypolicyd-spf Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Scott Kitterman (kitterman) said : 		#1

It's not currently supported. I'll add it as a feature request.

Revision history for this message
Federico Fissore (federico-fsfe) said : 		#2

Isn't this the goal of Domain_Whitelist ?

Revision history for this message
Scott Kitterman (kitterman) said : 		#3

Not quite. It's SPF HELO WHITELIST" (added in version 2.0):

HELO_Whitelist = relay.example.com

That skips SPF checks any time a remote server uses relay.example.com as HELO/EHLO based on the name. In contrast:

Domain_Whitelist = relay.example.com

would do an SPF check for the connect IP using the SPF record of relay.example.com regardless of the HELO/EHLO or Mail From name used in the message and skip the actual HELO/EHLO or Mail From check if it passed.

Can you help with this problem?

Provide an answer of your own, or ask John for more information if necessary.

To post a message you must log in.