Earlier this week, there was a discussion about which
header to use as the sender address MAIL FROM (Return-Path
on my MTA ) or the FROM.
Based on that discussion and Greg Connor's suggestion
and wayne's clarification of header fields and spoofing (along
with revisiting the RFCs 822,2821,2822) I had made the appropriate
modifications to my filter which exctracts the header information
and started to use the Return-Path as the sender for spfquery.
In my setup I found, when the Return-Path is spoofed, it appears
to break the SPF check and consistantly produces a FAIL.
Also because my mailer is behind a mailwall, I don't get the original
helo/ehlo by the time the filter gets to the mail, so I found it necessary
to provide the required -helo command with the properly formatted
ip of the sender (bypassing the localhost or bobsmachine type
of helo/ehlo).
So far spfquery has been operating as I expect it to.
I did modify sqfquery somewhat to use the $passfail response
suplemented by the $guess response.
I currently return:
0 - pass
1 - neutral
2 - none
3 - error
4 - error
5 - softfail
6 - fail
since the $guess response seems to produce pass, neutral
I chose to reduce the $passfail score by 1 if the $guess is a pass.
( a fail/neutral still fails, a fail/pass drops to softfail, a pass/pass
remains 0)
I did this because I have a bunch of domains where the owners
send mail using their domain name but send via their cable provider
and I didn't want their mail failing by creating an spf record on our
DNS.
I add headers X-SPF... for the spfquery args and the score returned
which gets processed by a third filter with rules looking for the new
headers.
So far it appears to work and still testing.
Regards
Greg Cirino
___________________________________
Cirelle Enterprises Inc.
603-425-2221
www.cirelle.com Website Design
www.cirelle.net ProSpeed High Speed Dial-up - 5 Times Faster
www.cedata.com Web, FTP, Email Hosting Services
www.mlsbot.com MLS IDX Services
When You Want It Done Well, Just Call Cirelle
It's not just a Rhyme... There's a Reason!