spf-discuss

Re: MAIL FROM address literals etc. (was: SPF v1 draft for review)

2004-10-14 04:17:21
sorry, i didn't read the rfc, i just went off what was sent previously. so we're still not talking about [ipaddress] in FROM we're actually talking about it in HELO and having to use that in the event of a null FROM.

so how exactly do you lookup the SPF record for postmaster@[1.2.3.4]?

presumably you're just going to get a PERMERROR result in the current spec because an ip address is not a fqdn. the only way you're going to be able to get an SPF record is to turn that ip address into an fqdn and go from there.

if you think about it, the only reason to put [ipaddress] in HELO according to the rfc you've stated is "...if the host has no name..." (i still haven't read it) that means the host *has no name*, if it did it would have used it, and as it doesn't have a name, how exactly are you supposed to lookup something that doesn't exist?

in other words a null FROM with [ipaddress] in HELO will always result in an SPF:PERMERROR (Malformed Domain), unless you specifically want to change the SPF specs to alter those results for this specific purpose?

the next problem is that HELO is *not* passed to check_host( ) so you really don't know if the sender parameter passed into the function was built from the FROM value or, because that was null, it was built from postmaster@HELO.

now really think about this, someone can put an MTA on the net to send mail but has to use [ipaddress] in its HELO, they can't create a fqdn? ok, they can't for some reason, HELOs are easily forged for the simple fact that they are just MTA administrator entered text, so why can't the MTA admin just set the HELO to something they *do* have an SPF record for and ensure that the SPF record for that domain covers that ip address?

SPF does not *have* to adhere to the current rfc's, it can make parts of them essentially void by writing a spec that overrides or ignores bits of them. just like every other security type of product, they all restrict you to a smaller subset of allowable values.

----- Original Message -----
From: "Mark" <admin(_at_)asarian-host(_dot_)net>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Thursday, October 14, 2004 6:13 PM
Subject: Re: [spf-discuss] MAIL FROM address literals etc. (was: SPF v1 draft for review)


Raymond Neeves wrote:

"...to accept mail to domain literals..."

to me that appears to be about mailservers accepting RCPTs of
username@[ipaddress] (accept mail to) and not about FROMs (accept
mail from) ???

are there *any* valid circumstances for the FROM to be
username@[ipaddress] ?  RCPT i can understand but FROM?

I think you are missing the point. Section 2.1 ("The Mail From Identity")
says:

   When the reverse-path is null, this document defines the
   "Mail From" identity to be the mailbox composed of the localpart
   "postmaster" and the domain supplied with the SMTP EHLO or HELO
   command.

And Section 3.6 of RFC 2821 states:

   The domain name given in the EHLO command MUST be either a primary
   host name (a domain name that resolves to an A RR) or, if the host
   has no name, an address literal as described in section 4.1.1.1.

So that the matter of domain literals in MAIL FROM is pertinent.

- Mark

       System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
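
The case argued over in this thread, as an added example that is not part of either poster's message or of any SPF implementation: it builds the "Mail From" identity from the quoted Section 2.1 rule, then checks whether the identity's domain is a name that can be queried for an SPF record at all. The function names and the sample sessions are hypothetical, and the code deliberately assigns no SPF result code to the address-literal case, since that is the open question here.

```python
import ipaddress
import re

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def mail_from_identity(reverse_path, helo):
    """Return (identity, derived_from_helo) per the quoted Section 2.1 rule."""
    if reverse_path.strip() in ("", "<>"):
        return "postmaster@" + helo, True
    return reverse_path.strip().strip("<>"), False


def classify_domain(domain):
    """Classify a domain as 'address-literal', 'fqdn' or 'malformed'."""
    if domain.startswith("[") and domain.endswith("]"):
        literal = domain[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            ipaddress.ip_address(literal)
        except ValueError:
            return "malformed"
        return "address-literal"
    labels = domain.rstrip(".").split(".")
    if (len(domain) <= 253 and len(labels) >= 2
            and all(_LABEL.match(label) for label in labels)
            and not labels[-1].isdigit()):  # bare "1.2.3.4" is not a name
        return "fqdn"
    return "malformed"


def spf_lookup_plan(reverse_path, helo):
    """Decide which DNS name, if any, can be queried for an SPF record."""
    identity, derived = mail_from_identity(reverse_path, helo)
    domain = identity.rpartition("@")[2]
    kind = classify_domain(domain)
    # The result code for a non-FQDN domain is what the thread debates; this
    # example only reports that there is no DNS name to query.
    query = domain.rstrip(".") if kind == "fqdn" else None
    return {"identity": identity, "derived_from_helo": derived,
            "domain_kind": kind, "txt_query": query}


if __name__ == "__main__":
    # Constructed sample sessions: (MAIL FROM reverse-path, HELO argument).
    for rp, helo in [("<>", "[1.2.3.4]"), ("<>", "mail.example.org"),
                     ("<bounce@example.net>", "[1.2.3.4]")]:
        print(spf_lookup_plan(rp, helo))
```

The `derived_from_helo` flag is the piece of information the reply says check_host( ) never receives, so a caller that wants to treat the HELO-derived identity differently has to track it outside that function.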
