Re: postfix for 2 domains on 1 vps 1 ip

[Silas <silas_nblists%nocafe.net@localhost>]

On Fri, Jan 01, 2021 at 04:50:16PM -0700, Bob Proulx wrote:
> SPF identifies authorized IP addresses for domains in the message
> envelope.  Therefore the reverse DNS pointer record does not matter in
> this.  The hostname does not matter.  Only the IP address as indicated
> through a DNS response.  This is an anti-forgery protection.  This has
> been a defacto standard requirement for all SMTP host sites for some
> years now.  Must have valid SPF records.  However I do know of small
> low activity sites that still do not implement this and squeeze by
> depending upon the nebulous value of the sending host's "IP reputation
> score".
>
>    https://en.wikipedia.org/wiki/Sender_Policy_Framework
>
> (...)
>
> Reverse DNS is the oldest validation that checks that a sending host
> identifies its own FQDN, which is looked up to an IP address with
> normal forward DNS, which is then looked up to a FQDN with reverse
> DNS, which must match the original name.  This is done under the idea
> that valid SMTP sites are using static IP address assignments and have
> control of their DNS.  Since spammer sites most often did not have a
> static IP assignment and did not have control of their DNS.  This is
> an anti-forgery protection.  These assumptions have been called into
> question in recent years.
>
>    https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS

Thanks for the very good summary!

IIUC, it is possible to implement Reverse DNS validation with
postfix tools in base system with some Postfix option (I've seen
that, but I don't recall the exact postfix setting)

But, in order to implement SPF checking, it is necessary a third-party
program such as mail/py-policyd-spf or mail/libspf2, right?