spf-discuss

Re: using HELO instead of MAIL FROM with SPF

2003-09-30 21:36:33
In <20030930023137(_dot_)EF34416FC7(_at_)jmason(_dot_)org> 
jm(_at_)jmason(_dot_)org (Justin Mason) writes:

How viable is this -- using the HELO domain instead of the MAIL FROM
to use in the SPF check?

I'm running into trouble with getting reliable MAIL FROM data from message
headers, unless the MTA has been modified to add it specifically (many
don't do this by default, including sendmail).

"Return-Path" in particular is proving unreliable quite often. :(

Is finding a valid SMTP MAIL FROM address in the headers something
that will remain constant for a particular site, or will it depend on
the email that has been received?

It might be best if you skipped the SPF checks if you can't reliably
determine the SMTP MAIL FROM address.  Or, give it a lower score
unless you can determine that it is accurate.


Once upon a time, back when I was participating in the IRTF ASRG
mailing list, I implemented a "domain specific DNSBL", that was an
extremely simple version of SPF.  I hacked on SpamAssassin to do the
checking, and it seemed to work ok for the testing that I did.  It was
really a "proof of concept" to quiet those folks that were complaining
that such a system was "too hard to do".

See:
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg00686.html

Anyway, for some reason, I ended up using the "reply-to" data in
SpamAssassin for my checks.  It seemed to work for Exim3 on Debian
Linux and SpamAssassin v2.5x(?) or so.

The SpamAssassin code I added was:


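sub check_dsdnsbl {
  my ($self, $set) = @_;

  # Prefer the Reply-To address; fall back to From if it has no domain part.
  my $from = $self->get ('Reply-To:addr');
  if (!defined $from || $from !~ /\@\S+/) {
    $from = $self->get ('From:addr');
  }
  # Give up unless a domain can be extracted from the address.
  return 0 unless ($from =~ /\@(\S+)/);
  $from = $1;

  dbg ("checking domain specific DNSBL for $from", "rbl", -1);

  # Hand the sender domain's own "smtp-out" zone to the stock RBL check.
  return check_rbl( $self, $set, "smtp-out.$from", 1 );
}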

# check domain specific DNSBL
header RCVD_IN_DSDNSBL          rbleval:check_dsdnsbl('smtp-out')
describe RCVD_IN_DSDNSBL        Received via Domain Specific DNSBL of sender
tflags RCVD_IN_DSDNSBL          net
score RCVD_IN_DSDNSBL           1.0



If I recall correctly, the above code was basically a cut-and-paste
from somewhere else in SA.  It also appears that the Return-Path:
header is used in at least one or two other spots in SA.

I guess my point is that finding a reliable SMTP MAIL FROM value may
well make other parts of SA work better.


-wayne
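
Added example (not part of the original message and not SpamAssassin code): a stand-alone sketch of the lookup described above, which takes the domain from Reply-To or From and builds a query name under smtp-out.<domain>. It assumes the usual DNSBL query form of reversed IPv4 octets prepended to the zone; the function names, the sample message and the fake zone are constructed for illustration, and the resolver is passed in so the code runs offline.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Header values are attacker-controlled, so only plain hostnames reach DNS.
_HOSTNAME = re.compile(r"(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def sender_domain(raw_message):
    """Domain of Reply-To, else From: the same fallback order as check_dsdnsbl."""
    msg = message_from_string(raw_message)
    for header in ("Reply-To", "From"):
        _, addr = parseaddr(msg.get(header, ""))
        domain = addr.rpartition("@")[2].lower().rstrip(".")
        if "@" in addr and _HOSTNAME.fullmatch(domain):
            return domain
    return None

def dsdnsbl_query_name(client_ip, domain, label="smtp-out"):
    """Assumed standard DNSBL form: reversed IPv4 octets prepended to the zone."""
    ip = ipaddress.IPv4Address(client_ip)  # raises ValueError on malformed input
    octets = str(ip).split(".")
    return ".".join(reversed(octets)) + f".{label}.{domain}"

def check_dsdnsbl(raw_message, client_ip, resolve):
    """Return (query_name, listed), or None when no usable domain is found."""
    domain = sender_domain(raw_message)
    if domain is None:
        return None
    name = dsdnsbl_query_name(client_ip, domain)
    return name, bool(resolve(name))

# Constructed sample data: a message and a fake zone standing in for DNS.
SAMPLE_MESSAGE = (
    "From: Alice <alice@example.org>\n"
    "Reply-To: Bob <bob@example.com>\n"
    "Subject: test\n\nbody\n"
)
SAMPLE_ZONE = {"25.2.0.192.smtp-out.example.com": ["127.0.0.2"]}

if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26"):
        print(ip, check_dsdnsbl(SAMPLE_MESSAGE, ip, SAMPLE_ZONE.get))
```

Both headers are set by the sender and are independent of the SMTP MAIL FROM, so the zone that gets queried is whichever domain the message itself names.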

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/