----- Original Message -----
From: "Meng Weng Wong" <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Monday, December 01, 2003 11:14 PM
Subject: [spf-discuss] reference milter wanted
On Mon, Dec 01, 2003 at 05:32:01PM +0000, Mark wrote:
|
| Ok, then I think I will just leave things the way they are now, and
| pop out a "550 5.7.1" error code at envfrom_callback in the Milter,
| and REJECT.
I just emailed the new draft to Eric Allman. Now would be a good
time to put an updated Milter on the web site under "Downloads".
Do you have a milter that does the Received-SPF prepending?
The current Milter specification offers no mechanism to prepend headers, but
only a way to change headers, in the form of:
$ctx -> chgheader FIELD, INDEX, VALUE
In fact, the Milter at the spf.pobox site just resorts to replacing the
first Received-SPF header with its own!
$ctx -> chgheader ('Received-SPF', 1, $data{'spfresult'} . ' (' .
$data{'spfmessage'} . ')');
That will make it the first Received-SPF header alright, but at the expense
of another Received-SPF header. Not really the author's fault, as there is
currently no method, that I know of, that will do a clean prepend. Maybe
Eric Allman would be willing to add a "prepheader" method to Milter? Or,
perhaps better, add a modifier to the "addheader" to have it prepend.
What I currently do, in my own Milter, is rather ugly. I collect all
"Received-SPF" headers; then (with an undef value), have the "chgheader"
method delete them all; then I first add my own "Received-SPF" header,
followed by the rest. A poor man's "unshift", as it were. :)
My own Milter does a lot more than just SPF; but, if you want it, I could
strip it down to SPF checks only.
At any rate, one thing, imho, SHOULD really change in the Milter at the
spf.pobox site:
} elsif ($result[0] eq 'fail' || $result[0] eq 'softfail') {
if ($SPF_fail) {
$ctx -> setreply ('550','5.7.1','SPF denied sender <'.$from.'> from '
Which says, that if $SPF_fail is set, the Milter should REJECT on both
'fail' or 'softfail'. That is non-SPF compliant code:
Softfail: the message does not meet the sender domain's strict
definition of legitimacy, but the sender domain requests that the
message be accepted nonetheless,
Regards,
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡