[Pymilter] excluding authenticated clients from SPF checks
Stuart D Gathman
stuart at gathman.org
Fri Nov 15 17:46:09 EST 2024
On Thu, 14 Nov 2024, Marco Moock wrote:
> My requirement is rather simply:
> I don't want that any SPF check is being done if mail is being
> submitted authenticated.
That is what happens by default. In line 149 (of spfmilter.py):
if self.user:
self.internal_connection = True
and if no SMTP-Auth policy is in the access file, any further checking
is skipped (line 160). in line 171:
if not (self.internal_connection or self.trusted_relay) and self.connectip:
return self.check_spf()
> Nothing more, no additional checks.
However, you almost certainly do NOT WANT that. You need to restrict
authorized clients to send from domains they are authorized to send from.
Windoze users get malware that uses their PC to send from all kinds
of spam domains.
The only reason no checking is the default, is because the needed
information needs to be configured.
More information about the Pymilter
mailing list