# # 2017-02 spf policies:
# # host -t txt lists.fedoraproject.org
-# # google ~all, hotmail -all, yahoo: ?all, fastmail ?all
+# # google ~all, hotmail ~all, yahoo: ?all, fastmail ?all, outlook ~all
# # i include fastmail\'s settings, per their instructions,
# # and follow their policy. In mail in a box, or similar instructions,
# # I\'ve seen recommended to not use a restrictive policy.
# keep your dkim signature intact but add list- headers.
DKIM_SIGN_HEADERS = mime-version:in-reply-to:references:from:date:subject:to
+# recommended if dns is expected to work
+CHECK_RCPT_VERIFY_SENDER = true
+# seems like a good idea
+CHECK_DATA_VERIFY_HEADER_SENDER = true
+CHECK_RCPT_SPF = true
+CHECK_RCPT_REVERSE_DNS = true
+CHECK_MAIL_HELO_ISSUED = true
EOF
# light version of exim does not have sasl auth support.
- pi exim4-daemon-heavy spamassassin
+ pi exim4-daemon-heavy spamassassin spf-tools-perl