spf-discuss

Re: MAIL FROM address literals etc. (was: SPF v1 draft for review)

2004-10-14 06:05:50
Raymond Neeves wrote:

> sorry, i didn't read the rfc, i just went off what was sent
> previously. so we're still not talking about [ipaddress]
> in FROM we're actually talking about it in HELO and
> having to use that in the event of a null FROM.
>
> so how exactly do you look up the SPF record for
> postmaster@[1.2.3.4]

You don't.

> presumably you're just going to get a PERMERROR result in the current
> spec because an ip address is not a fqdn. the only way you're going to be
> able to get an SPF record is to turn that ip address into an fqdn and go
> from there.

If by that you mean to get a PTR for the address literal, then I
emphatically state NOT to do so. There can be many domain names associated
with an IP address; so the SPF lookup on the PTR will likely yield an
unexpected/undesired result.

If the sending host provides nothing in the way of a domain name, then I see
no recourse but to resign to that fact. Or, to turn the tables, if a sending
domain wants to do SPF, then it really should provide a domain name to match
against, one way or the other.

> if you think about it, the only reason to put [ipaddress] in HELO
> according to the rfc you've stated is "...if the host has no name..."
> (i still haven't read it) that means the host *has no name*,
> if it did it would have used it.

Exactly. :)

> and as it doesn't have a name, how exactly are you supposed to look up
> something that doesn't exist?

You don't.

> in other words a null FROM with [ipaddress] in HELO will always
> result in an SPF:PERMERROR (Malformed Domain),

That is essentially correct.

> unless you specifically want to change the
> SPF specs to alter those results for this specific purpose?

No.

> the next problem is that HELO is *not* passed to check_host( ) so you
> really don't know if the sender parameter passed into the function was
> built from the FROM value or, because that was null, it was built
> from postmaster@HELO.

True.

> now really think about this, someone can put an MTA on the net to
> send mail but has to use [ipaddress] in its HELO, they can't create
> a fqdn? ok, they can't for some reason, HELOs are easily forged
> for the simple fact that they are just MTA administrator entered text,
> so why can't the MTA admin just set the HELO to something they
> *do* have an SPF record for and ensure that the SPF record for
> that domain covers that ip address?

Exactly. SPF records exist to authorize IP addresses for domain names. If
sending hosts cannot be bothered to provide a domain name, one way or the
other, then they should not expect the receiver to retrieve an SPF record
for that non-supplied domain name.

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
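
The behaviour agreed on in this exchange, as an added example that is not part of the original post or of any SPF implementation: a receiver-side pre-check that builds the sender from MAIL FROM or, when that is null, from postmaster@HELO, records which of the two it used, and returns the PERMERROR (Malformed Domain) outcome described above for an address literal without ever attempting a PTR lookup. The function names, the result dictionary and the sample hosts are assumptions made for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_address_literal(domain):
    """True for SMTP address literals such as [1.2.3.4] or [IPv6:2001:db8::1]."""
    if not (domain.startswith("[") and domain.endswith("]")):
        return False
    inner = domain[1:-1]
    if inner.lower().startswith("ipv6:"):
        inner = inner[5:]
    try:
        ipaddress.ip_address(inner)
    except ValueError:
        return False
    return True


def is_fqdn(domain):
    """At least two valid labels, and the last one is not purely numeric."""
    labels = domain.rstrip(".").split(".")
    return (len(labels) >= 2
            and all(_LABEL.fullmatch(label) for label in labels)
            and not labels[-1].isdigit())


def spf_identity(mail_from, helo):
    """Build the sender for the SPF check and record where it came from."""
    if mail_from.strip() in ("", "<>"):
        # Null reverse-path: fall back to postmaster@HELO, as in the thread.
        return "postmaster@" + helo, helo, "helo"
    addr = mail_from.strip().strip("<>")
    return addr, addr.rpartition("@")[2], "mailfrom"


def precheck(mail_from, helo):
    """Decide, before any DNS query, whether there is a domain to look up."""
    sender, domain, source = spf_identity(mail_from, helo)
    if is_address_literal(domain) or not is_fqdn(domain):
        # No PTR lookup is attempted: an IP address can map to many names.
        return {"result": "permerror", "reason": "Malformed Domain",
                "sender": sender, "source": source, "lookup": None}
    return {"result": None, "sender": sender, "source": source,
            "lookup": domain.rstrip(".").lower()}
```

A `result` of `None` here means only that the pre-check found a usable domain; the SPF record for `lookup` still has to be fetched and evaluated.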