spf-discuss

Re: Milter-SPF issues

2004-06-03 10:10:11
maeder+spf(_at_)mathconsult(_dot_)ch wrote:
1 outgoing email is also tagged with a Received-SPF header. I have
  all local hosts in the whitelist file, but I'd rather not set this
  header, which may leak internal network information. (This message
  should show this header, unless listbox.com filters it out.)

  Is there a way to suppress the header for whitelist hosts or otherwise?

You could use a version of sendmail built -D_FFR_MILTER_PERDAEMON;
then you can limit the milter to run only on the MTA daemon:


define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
FEATURE(`no_default_msa')dnl
MAIL_FILTER(`spf-milter', `S=local:/var/spf-milter/spf-milter.sock, F=T, T=C:4m;S:4m;R:8m;E:16m')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA, InputMailFilters=spf-milter')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

With no milter running on the MSA, outgoing mail will not get tagged (as long as the MSA is used for outgoing mail).

2 the Received-SPF header of incoming email shows the wrong host name,
  that is, the local unqualified name, like

        Received-spf: pass (HOSTNAME: domain of example.com ...)

  rather than the official FQDN that I explicitly set in sendmail's j macro
  to match the official name of my MX DNS entry.
  The milter code, sendmail-milter-spf.pl, seems to ask for sendmail's j macro.
  Any ideas why it's not picked up? Sendmail itself uses the correct
  value, as far as I can tell.

The value obtained from the j macro is only used for the headers generated directly by the milter; the hostname in the Received-SPF: header is normally determined separately by Mail::SPF::Query but it can be overridden by setting the "myhostname" parameter in the call to Mail::SPF::Query, like this:

--- spf-milter.orig     2004-06-03 17:56:56.000000000 +0100
+++ spf-milter        2004-06-03 18:01:53.000000000 +0100
@@ -184,7 +184,7 @@

         my $priv_data = shift;

- if (my $query = eval {new Mail::SPF::Query (ip => shift, sender => shift, helo => shift, @extraParams)}) { + if (my $query = eval {new Mail::SPF::Query (ip => shift, sender => shift, helo => shift, myhostname => $our_hostname, @extraParams)}) { my ($call_status, $result, $smtp_comment, $header_comment, $spf_record);

# In "mx" mode, we make a call to result2 (), instead of to result (),
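
Review bot: $our_hostname is not declared or assigned anywhere in the lines shown, so for the changed `new Mail::SPF::Query (...)` call it needs confirming that the variable is set (from the j macro, per the discussion above) before the first query runs; if it can be undefined, leave the key out rather than pass an undefined myhostname, so that Mail::SPF::Query can still determine the hostname itself. Also, `myhostname => $our_hostname` sits before `@extraParams`, so if the constructor builds its options from the argument list in order, a myhostname entry in @extraParams would silently override this one; move it after @extraParams if the milter's value should win, or add a comment saying the override is intended.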


Regards, Paul.
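
An added example, not part of the message above or of spf-milter: a Python check for the two symptoms discussed in this thread (a Received-SPF header that exposes an internal address on outgoing mail, and an unqualified receiver hostname in its comment), run over a captured message. The sample message, the host names in it and the function name audit_received_spf are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample of an outgoing message as a remote recipient would see it.
OUTGOING = """\
Received: from ws12 (ws12.corp.example [192.168.10.12])
\tby mail.example.com with ESMTP; Thu, 3 Jun 2004 10:00:00 +0100
Received-SPF: pass (mailhost: domain of example.com designates 192.168.10.12 as permitted sender)
From: user@example.com
Subject: test

body
"""

# "<result> (<receiver hostname>: ..." at the start of the header value.
RESULT_RE = re.compile(r"^\s*(\w+)\s*\(([^():\s]+):")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def audit_received_spf(raw_message):
    """Return (finding, detail) tuples for every Received-SPF header found."""
    msg = email.message_from_string(raw_message)
    findings = []
    # Header lookup is case-insensitive, so "Received-spf:" is matched too.
    for value in msg.get_all("Received-SPF", []):
        value = " ".join(value.split())  # unfold continuation lines
        m = RESULT_RE.match(value)
        if m and "." not in m.group(2):
            # Receiver name has no dot: the local short name, not the FQDN.
            findings.append(("unqualified-receiver", m.group(2)))
        for candidate in IPV4_RE.findall(value):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # looked like an address but is not a valid one
            if ip.is_private:
                findings.append(("private-address", candidate))
    return findings


if __name__ == "__main__":
    for finding, detail in audit_received_spf(OUTGOING):
        print(finding, detail)
```

An empty result for mail sent through the submission port is what the MSA-without-milter configuration above should produce.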

