Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com wrote:
No. In fact, source IP is required for SPF records with PTR in them.
ok, so it picks up the source ip from the connection.
but it can't care about the ehlo or the mail from line, otherwise I
suppose there would need to be some decision made with regard to
connection params or PRA / Header determination...
Yes. So the MTA needs to keep track of everything. Headers can be
according to taste.
EHLO, Source IP => top Received-by: header
MAIL FROM (<> From: header) => X-Envelope-From: header
Mail From and the From header are completely unrelated.
I can telnet to a server on port 25 and do this
server1# telnet oo50.emkhost.com 25
Trying 68.165.182.50...
Connected to oo50.emkhost.com.
Escape character is '^]'.
220 oo50 ESMTP oo50 0.27.1 Send roboota mobattie.
ehlo
250-oo50 Hi server1.managean.com [69.20.9.90]
250-WIGGLE
250 8BITMIME
mail from: <willey(_at_)41166(_dot_)com>
250 willey(_at_)41166(_dot_)com, sender OK it is wery exciting.
rcpt to: <wiggles(_at_)41166(_dot_)com>
250 wiggles(_at_)41166(_dot_)com, recipient ok
data
354 go ahead
from: waitman(_at_)emkdesign(_dot_)com
subject: what in the world
test
.
250 Queued!
quit
221 oo50 bye. Have a wonderfulo dayo.
Connection closed by foreign host.
and the message shows up like this
Return-Path: <SRS0=/yU4s6dH=LO=41166(_dot_)com=willey(_at_)r2(_dot_)emkhost(_dot_)com>
Received: from mail.emkhost.com (h-68-165-182-61.lsanca54.covad.net [68.165.182.61])
    by r2.emkhost.com (xox) with ESMTP id i7OKvqgn061389
    for <sparewaitman(_at_)r2(_dot_)emkhost(_dot_)com>; Tue, 24 Aug 2004 13:57:52 -0700 (PDT)
Received: from localhost.localdomain (h-68-165-182-50.lsanca54.covad.net [68.165.182.50])
    by mail.emkhost.com (8.13.0/8.13.0) with ESMTP id i7OKgj17007810
    for <wiggles(_at_)41166(_dot_)com>; Tue, 24 Aug 2004 13:42:45 -0700 (PDT)
Date: Tue, 24 Aug 2004 13:42:45 -0700 (PDT)
Message-Id: <200408242042(_dot_)i7OKgj17007810(_at_)mail(_dot_)emkhost(_dot_)com>
Received: from server1.managean.com (HELO ) (69.20.9.90)
    by oo50 (oo50/1000.27.1) with ESMTP; Tue, 24 Aug 2004 06:41:10 -0700
from: waitman(_at_)emkdesign(_dot_)com
subject: what in the world
X-EMK-SRC: host ip 69.20.9.90
To: undisclosed-recipients:;
test
So you could get a message claiming to be from jesus himself that passes
SPF. (if it does checks before DATA)
if it does checks after DATA, and looks at the header - well there is
nothing about DATA that is safe to consider to be true.
And I am back to their example of the problem with web forms that use
the "From" address based on visitor input. Adding a special header that
permits the thing to go through regardless of who it's from doesn't
really seem to make enough sense to go to all the trouble of reading (maybe
a faulty or forged) DATA when it could probably just look at MAIL FROM
in the first place.
From what I understand, the CDO thingy just drops a text email into the
outgoing queue for processing. So, it is using the FROM address of the
message to do MAIL FROM.
MAIL FROM usually equals From: header. For CDO, s/usually/always/
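
Added example, not part of the original message or of any SPF implementation: a receiver-side check that compares the envelope sender (MAIL FROM) with the From: header carried inside DATA, the two values the telnet session above shows to be independent. The function names and the sample addresses are constructed for illustration, and the comparison is a strict domain match.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the telnet session above: the envelope
# sender and the From: header name two unrelated domains.
SESSION_MAIL_FROM = "<sender@envelope.example>"
SESSION_DATA = (
    "from: someone@header.example\n"
    "subject: what in the world\n"
    "\n"
    "test\n"
)

def domain_of(addr):
    """Return the lower-cased domain of an address, or '' if there is none."""
    _, mailbox = parseaddr(addr)
    return mailbox.rpartition("@")[2].lower() if "@" in mailbox else ""

def check_alignment(mail_from, raw_message):
    """Compare the SMTP envelope sender with the From: header inside DATA.

    SPF authorizes the connecting IP for the MAIL FROM domain only, so an
    SPF pass says nothing about the From: header a reader is shown.
    """
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])   # header lookup is case-insensitive
    env_dom = domain_of(mail_from)
    if len(from_headers) != 1:
        # Missing or repeated From: headers cannot be compared safely.
        return {"verdict": "malformed", "envelope": env_dom, "header": None}
    hdr_dom = domain_of(from_headers[0])
    if not env_dom:
        verdict = "null-sender"              # MAIL FROM:<> (bounce), nothing to align
    elif env_dom == hdr_dom:
        verdict = "aligned"
    else:
        # A signal, not proof: forwarders that rewrite the envelope (as the
        # SRS Return-Path above shows) also produce a mismatch.
        verdict = "mismatch"
    return {"verdict": verdict, "envelope": env_dom, "header": hdr_dom}

if __name__ == "__main__":
    print(check_alignment(SESSION_MAIL_FROM, SESSION_DATA))
```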