spf-discuss

Re: questions about postfix implementation

2004-03-29 04:09:51
Quoting Chuck Mead <csm(_at_)lunar-linux(_dot_)org>:


Okay so I've implemented the policy-spf perl script into postfix
2.0.19-20040312 and it's working as far as it goes. I've also added the
spf entries to dns domains I send mail from. I now have questions about
what I am seeing and questions about how to get the policy-spf perl
script to do more than just spew nice entries into my maillog. :-)

Here is the log from a typical spam attempt (it even includes a limp
wristed HELO using an ip instead of a name):

Mar 29 02:01:23 varmint postfix/smtpd[20792]: connect from
unknown[211.55.5.60]
Mar 29 02:01:26 varmint postfix/policy-spf[20795]: Attribute:
client_address=211.55.5.60
Mar 29 02:01:26 varmint postfix/policy-spf[20795]: Attribute:
client_name=unknown
Mar 29 02:01:26 varmint postfix/policy-spf[20795]: Attribute:
helo_name=24.172.57.2
Mar 29 02:01:26 varmint postfix/policy-spf[20795]: Attribute:
protocol_name=SMTP
Mar 29 02:01:26 varmint postfix/policy-spf[20795]: Attribute:
protocol_state=RCPT
Mar 29 02:01:26 varmint postfix/policy-spf[20795]: Attribute: queue_id=
Mar 29 02:01:26 varmint postfix/policy-spf[20795]: Attribute:
recipient=apache(_at_)moongroup(_dot_)com
Mar 29 02:01:26 varmint postfix/policy-spf[20795]: Attribute:
request=smtpd_access_policy
Mar 29 02:01:26 varmint postfix/policy-spf[20795]: Attribute:
sender=onwgk(_at_)email(_dot_)com
Mar 29 02:01:26 varmint postfix/policy-spf[20795]: : testing: stripped
sender=onwgk(_at_)email(_dot_)com, stripped 
rcpt=apache(_at_)moongroup(_dot_)com
Mar 29 02:01:26 varmint postfix/policy-spf[20795]: handler testing: DUNNO
Mar 29 02:01:26 varmint postfix/policy-spf[20795]: decided action=DUNNO

The domain the sender claims to come from (email.com) has no SPF records, so the
result is "DUNNO", which in Postfix speak means "check the other restrictions"...

Mar 29 01:48:28 varmint postfix/policy-spf[20658]: : testing: stripped
sender=csm+nospam(_at_)lunar-linux(_dot_)org, stripped 
rcpt=csm+nospam(_at_)moongroup(_dot_)com
Mar 29 01:48:28 varmint postfix/policy-spf[20658]: handler testing: DUNNO
Mar 29 01:48:28 varmint postfix/policy-spf[20658]: decided action=DUNNO

Now why is it saying "DUNNO" here? This seems very odd!

For the SPF-Policyd, the result is the same when the SPF test is positive as when
the test is not possible because the sender has no SPF record at all.


I have one more question... aside from logging what else can this filter
do? It seems a very useful idea and I would like to see what, if any,
more useful applications it has.

SPF can only work if the domain the spammer claims to send as has published
SPF-records.

Regards

Andreas
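
The request/reply exchange behind the log lines in this thread, as an added example that is not part of either message and is not the policy-spf script: it parses a Postfix policy-delegation request and builds the reply, with the SPF result supplied by the caller. The sample request, the function names and the action mapping for results other than pass and "no record" are assumptions.

```python
# Added example: Postfix policy-delegation request/reply handling.
# The SPF lookup is out of scope; its result is passed in by the caller.

# Constructed request, shaped like the attributes logged in the post.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "protocol_name=SMTP\n"
    "helo_name=192.0.2.2\n"
    "queue_id=\n"
    "sender=user@example.com\n"
    "recipient=postmaster@example.org\n"
    "client_address=192.0.2.60\n"
    "client_name=unknown\n"
    "\n"
)

# Assumed mapping from SPF result to Postfix action. Only the DUNNO rows
# (pass, and no record at all) reflect behaviour described in the thread.
ACTIONS = {
    "pass": "DUNNO",
    "none": "DUNNO",
    "fail": "REJECT SPF check failed for {sender} from {client_address}",
    "temperror": "DEFER_IF_PERMIT SPF lookup temporarily failed",
}

def parse_request(raw):
    """Parse name=value lines up to the empty line that ends a request."""
    attrs = {}
    for line in raw.split("\n"):
        if line == "":
            break
        name, sep, value = line.partition("=")
        if not sep or not name:
            raise ValueError("malformed attribute line: %r" % line)
        attrs[name] = value
    if attrs.get("request") != "smtpd_access_policy":
        raise ValueError("not an smtpd_access_policy request")
    return attrs

def decide(attrs, spf_result):
    """Build the reply Postfix expects: one action line, then an empty line."""
    # Keep only printable ASCII from client-supplied values before echoing them.
    clean = {k: "".join(c for c in v if 32 <= ord(c) < 127) for k, v in attrs.items()}
    clean.setdefault("sender", "")
    clean.setdefault("client_address", "")
    action = ACTIONS.get(spf_result, "DUNNO").format(**clean)
    return "action=%s\n\n" % action
```

Because pass and "no record" both map to DUNNO here, the reply alone cannot tell them apart, which is the behaviour the thread is asking about.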