Hi David,
David Lawless wrote:
Third, I had to make a whole bunch of changes to 'spf-milter' to
get it working. I had to hack in the 'fallback' option, and I
had to modify the whitelisting logic to support whitelisted
envelope senders instead of whitelisted envelope recipients.
Oh, and I had to read the code to learn that a "SPF:" tag
is required for the entries in 'access.db' Not documented.
It's not documented because it's a private patch that I wrote that hasn't been
incorporated into the main spf-milter code (yet). The fallback option is again
something not yet supported by the perl milter. So in respect of (the lack of)
those features, I would have to agree with you that the code was immature.
Fourth I had to make this bug-fix to 'Query.pm' so that it will
ignore non-SPF TXT records and execute 'fallback' correctly:
1729a1730,1741
# check for non-SPF TXT records
my $spf_flag = 0;
foreach (@txt) {
if (/^v=spf1\s/) {
$spf_flag = 1;
last;
}
}
if (! $spf_flag) {
@txt = ();
}
Hopefully this patch (or something like it) will be incorporated upstream by
Meng so that everyone can benefit from this fix.
After all this screwing around I finally got to the place I
expected to start: Crafting a few 'fallback' records to
guarantee that my critical correspondents at large corporations
will not have any trouble sending me e-mail. It should be
possible to put these in a config file instead of writing them
in Perl.
Since the original milter doesn't currently provide fallback support at all,
this should just be a case of making a patch that read the fallback records
from a config file (or database) instead of hardcoding them into the milter.
For the few correspondents that have e-mail accounts
at huge providers like MindSpring and Yahoo, I created
"SFP:user(_at_)domain(_dot_)tld OK" entries in the 'access.db' file that
match their exact e-mail addresses.
Bear in mind that the only reason you needed to do this was because you're
using fallback records; neither of those domains have published SPF records.
Anyone using fallback records must be prepared to have to tweak things and
make exceptions if they don't want to reject wanted mail.
SPF must be made much easier to deploy! The ability to hack
Perl code and obsessive persistence should not be requirements
for getting SPF working!
I agree, but the vast majority of people wanting to deploy SPF will not need
to hack anything because they won't be using fallback record.
Regards, Paul.