Mark Shewmaker wrote:
On Sat, 2004-09-25 at 10:58, Meng Weng Wong wrote:
If SUBMITTER is not present, and nothing else
provides a positive result, I still want to be able to
reject based on a MAIL-FROM "fail" result.
So do I.
But if SUBMITTER *is* present and provides a positive result, I still
want to be able to reject based on a MAIL FROM "fail" result. In
other words:
Authentication tests:
If this test fails: Result:
-------------------------------------------------------------------
MAIL FROM: (SES/CBV/SPF) Reject, no matter the results of other tests.
PRA: (SenderID/SUBMITTER) Reject, no matter the results of other tests.
HELO: (name lookup/CSV) Reject, no matter the results of other tests.
Content: (DomainKeys) Reject, no matter the results of other tests.
-------------------------------------------------------------------
I largely agree. I would just re-arrange the order:
-------------------------------------------------------------------
HELO: (name lookup/CSV) Reject, no matter the results of other tests.
PRA: (SenderID/SUBMITTER) Reject, no matter the results of other tests.
MAIL FROM: (SES/CBV/SPF) Reject, no matter the results of other tests.
Content: (DomainKeys) Reject, no matter the results of other tests.
-------------------------------------------------------------------
HELO, in the "new" philosophy, if I recall correctly, should come first, to
offer a quick early-out. I could do without PRA, but I like the use of a
stand-alone SUBMITTER. And since SUBMITTER (when present) is to take the
place of MAIL FROM, I believe SUBMITTER test should preceed MAIL FROM.
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx