spf-discuss

Re: SPF in MTAs

2004-02-07 10:39:06
| > Let's set a goal of getting SPF bundled into either the standard
| > distribution or a major distribution package of at least one of the
| > major four MTAs by the end of January.
| 
| Greg Shapiro (gshapiro(_at_)freebsd(_dot_)org) maintains Sendmail in
| FreeBSD and might be worth contacting to see if he'd be interested in
| helping out.

Good call.  Greg, would you be interested in helping out?  We have
an open library just out at http://libspf.org/ and it's reportedly
talking to sendmail.  BSD license, I think.

I would prefer not to do this for a few reasons:

1. SPF breaks a few common MTA activities and putting it in the default
   distribution will lead to massive end user problems.

2. The sendmail in FreeBSD is based on the vendor (sendmail.org)
   version.  We don't add wholesale changes to the vendor versions.

3. Integrating this directly into the MTA is the wrong way to do it.
   This should be made into a Milter which the MTA contacts.  If this is
   done, you can file a FreeBSD PR to get that Milter added to the ports
   system.

4. libspf is beta code and I don't want to destabilize production
   services with beta code.

5. There are remotely exploitable buffer overflows in the code.  One
   such example is SPF_smtp_helo() which is given the HELO arg provided
   by the connecting site. dbg_print() is called with that argument
   which is mapped to _printf_dbg(). _printf_dbg() uses vsprintf()
   into a fixed size string.  All an attacker needs to do is provide a
   sufficiently long HELO argument.

As mentioned above, I encourage you to create a Milter instead of
patching sendmail directly.  You'll get a much larger adoption rate.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
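
The pattern described in point 5 of the message, next to a bounded version with a length gate on the HELO argument. This is an added example, not part of the original message and not libspf's code; the function names, the 64-byte buffer and the 255-byte HELO cap are assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define DBG_BUF_SIZE 64  /* assumed; the post only says "fixed size" */
#define HELO_MAX 255     /* assumed cap: longest DNS name (RFC 1035) */

/* Pattern the post describes: vsprintf() into a fixed buffer.
 * Shown for comparison only; output >= DBG_BUF_SIZE overruns buf. */
void dbg_unbounded(const char *fmt, ...)
{
    char buf[DBG_BUF_SIZE];
    va_list ap;
    va_start(ap, fmt);
    vsprintf(buf, fmt, ap);
    va_end(ap);
    fputs(buf, stderr);
}

/* Bounded form: vsnprintf() writes at most size bytes including the NUL.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int dbg_bounded(char *out, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, size, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    return (size_t)n >= size ? 1 : 0;
}

/* Length gate for the peer-supplied HELO, applied before logging or parsing. */
int helo_len_ok(const char *helo)
{
    size_t i;
    if (helo == NULL || helo[0] == '\0') return 0;
    for (i = 0; i <= HELO_MAX; i++)
        if (helo[i] == '\0') return 1;
    return 0;
}

int main(void)
{
    char out[DBG_BUF_SIZE];
    dbg_bounded(out, sizeof out, "HELO arg: %s\n", "mail.example.org");
    fputs(out, stderr);
    return 0;
}
```

A truncation result of 1 on a debug line built from the HELO argument is itself worth logging, since a legitimate peer rarely sends a name that long.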

