spf-discuss
[Top] [All Lists]

Re: Border Appliances

2005-06-28 10:27:09
At 10:39 AM 6/28/2005 -0500, Daniel Taylor wrote:
David MacQuigg wrote:
> At 10:15 PM 6/27/2005 -0700, Greg Connor wrote:

>> The edge mailers are not smart enough to process SPF yet.  (Actually
>> an SPF switch exists but their implementation is known to have some
>> problems and can't be adjusted, whitelisted, etc.  This is an
>> appliance box.)  Most important, their implementation of SPF doesn't
>> allow for logging only, the only choice is to reject.
>
>
> This raises a serious question - If many domains use these "appliance
> boxes" as their border MTAs, how can we expect *any* IP authentication
> method to work?  Are we expecting these appliances to be replaced by
> general-purpose MTAs?  I assume there is no chance of modifying their
> proprietary software.
>
> ...
>
The border MTA is the one that needs to do the check for best effect.
However: if the border MTA provides useful Received-From headers
they can be used for post-SMTP verification. This is sub-optimal
in so many ways, but is better than nothing I suppose.

This seems like a possible temporary work-around, at least until all the appliances get updated to provide some kind of standard authentication interface, e.g. an API to call a plugin with all session identities and the connecting IP.

Are any of the current SPF-enabled MTAs able to pick up the required info from a specified Received header? This might be tricky if there are a lot of variations in the Received headers from various gonzo appliances. Another good reason for a standard authentication header - make all the appliances look like just another trusted forwarder.

--
Dave
************************************************************     *
* David MacQuigg, PhD     email: david_macquigg at yahoo.com     *  *
* IC Design Engineer            phone:  USA 520-721-4583      *  *  *
* Analog Design Methodologies                                 *  *  *
*                                 9320 East Mikelyn Lane       * * *
* VRS Consulting, P.C.            Tucson, Arizona 85710          *
************************************************************     *