Nathan Wharton wrote:
From what I understand, if a domain hasn't published any SPF records,
or doesn't even exist, I shouldn't be getting an SPF fail on
something from them. Is this right?
If it is, then that has not been my experience. If a bounce comes
from a machine that has a bogus HELO, it gets an SPF fail:
Mar 4 20:30:24 mail2 postfix/policy-spf[31748]: : SPF fail:
smtp_comment=Please see
http://spf.pobox.com/why.html?sender=InterJet.akaerospace.com&ip=209.112.133.85&receiver=mail2.schaferhsv.com:
domain of sender InterJet.akaerospace.com does not exist,
header_comment=mail2.schaferhsv.com: domain of does not designate
209.112.133.85 as permitted sender
Mar 4 20:30:24 mail2 postfix/smtpd[31743]: NOQUEUE: reject_warning:
RCPT from aerodial.alaska.net[209.112.133.85]: 554
<protected(_at_)schaferhsv(_dot_)com>: Recipient address rejected: Please see
http://spf.pobox.com/why.html?sender=InterJet.akaerospace.com&ip=209.112.133.85&receiver=mail2.schaferhsv.com:
domain of sender InterJet.akaerospace.com does not exist; from=<>
to=<protected(_at_)schaferhsv(_dot_)com> proto=ESMTP helo=<InterJet.akaerospace.com>
I don't think this is a configuration problem, because everything else
works.
So, I was hoping the new HELO work was going to take care of this, but
it seems that there are going to be more restrictive rules on HELO, not
less.
I think that the problem is a 'feature' of the MSQ code that validates
that the sender's domain actually exists (i.e. doesn't return NXDOMAIN),
and returns FAIL if not. I suspect that this logic probably should not
be present for the HELO fallback case -- maybe it should return SOFTFAIL
instead.
Philip
--
Philip Gladstone
* Check out the live pondcam at http://pond.gladstonefamily.net
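
An added example, not part of the original messages: a small log triage script that separates SPF rejects where the checked identity was the HELO name (null envelope sender, as in the bounce discussed above) from ordinary MAIL FROM rejects. It assumes the reject line layout shown in the quoted log; the sample lines, hostnames and addresses are constructed placeholders.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample lines modelled on the log excerpt quoted above, unwrapped to
# one line each; hostnames and addresses are placeholders, not values from the thread.
_WHY = "Please see http://spf.pobox.com/why.html?sender={s}&ip={ip}&receiver=mx.example.org: "
SAMPLE_LOG = [
    "Mar 4 20:30:24 mx postfix/smtpd[31743]: NOQUEUE: reject_warning: RCPT from "
    "relay.example.net[192.0.2.85]: 554 <user@example.org>: Recipient address rejected: "
    + _WHY.format(s="box.example.invalid", ip="192.0.2.85")
    + "domain of sender box.example.invalid does not exist; from=<> "
    "to=<user@example.org> proto=ESMTP helo=<box.example.invalid>",
    "Mar 4 20:31:02 mx postfix/smtpd[31750]: NOQUEUE: reject: RCPT from "
    "host.example.com[192.0.2.9]: 554 <user@example.org>: Recipient address rejected: "
    + _WHY.format(s="a@spoofed.example.com", ip="192.0.2.9")
    + "domain of a@spoofed.example.com does not designate 192.0.2.9 as permitted sender; "
    "from=<a@spoofed.example.com> to=<user@example.org> proto=ESMTP helo=<host.example.com>",
    "Mar 4 20:31:05 mx postfix/smtpd[31750]: disconnect from host.example.com[192.0.2.9]",
]

REJECT_RE = re.compile(
    r"(reject(?:_warning)?): RCPT from (\S+?)\[([^\]]+)\]: (\d{3}) .*"
    r"; from=<([^>]*)> to=<[^>]*> proto=\S+ helo=<([^>]*)>")

def classify(line):
    """Return a dict describing an SPF reject line, or None for any other line."""
    m = REJECT_RE.search(line)
    url = re.search(r"https?://\S+", line)
    if not m or not url:
        return None
    action, client, ip, code, mail_from, helo = m.groups()
    # The explanation URL carries the identity that SPF actually evaluated.
    query = parse_qs(urlparse(url.group().rstrip(":")).query)
    identity = query.get("sender", [""])[0]
    # Null envelope sender plus identity == HELO name means the HELO fallback ran.
    helo_fallback = mail_from == "" and identity.lower() == helo.lower()
    if helo_fallback and "does not exist" in line:
        kind = "helo-fallback-nxdomain"   # the case discussed in this thread
    elif helo_fallback:
        kind = "helo-fallback"
    else:
        kind = "mail-from"
    return {"kind": kind, "action": action, "client": client, "ip": ip,
            "code": code, "spf_identity": identity, "helo": helo}

if __name__ == "__main__":
    for entry in filter(None, map(classify, SAMPLE_LOG)):
        print(entry["kind"], entry["action"], entry["client"], entry["spf_identity"])
```

Counting the `helo-fallback-nxdomain` entries while the policy is still in `reject_warning` mode shows how many bounces would be lost to this behaviour before enforcement is turned on.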