-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
If the MAIL From: is quoted, spfmilter-0.95 will not parse it correctly,
resulting in NONE results where it should generate a FAIL.
I'm checking this against other implementations right now, but I expect
this is unique to spfmilter.
Example:
EHLO j.random.example.org
MAIL FROM: "user(_at_)example(_dot_)com"
RCPT TO: user(_at_)example(_dot_)com
Slips through spfmilter.
This will not be a problem for compliant checkers, as HELO will
probably fail, but it could be a problem for anyone using older
implementations.
Lesson: make sure you validate your input.
- - --
Daniel Taylor VP Operations Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com http://www.vocalabs.com/
(952)941-6580x203
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDBegF8/QSptFdBtURAl3/AJ0dUg/A9ENJtq4ePCRkVZOqKU7WNACfV0ZE
wuphmv6eVvyktC1h9JpFm0c=
=/urn
-----END PGP SIGNATURE-----