Andreas Saurwein wrote:
during an HELO check,
s = "postmaster"
o = ""
l = "postmaster"
s is always the same as l(_at_)o, and an "empty" o is always an
SMTP syntax error, just reject it with the corresponding 5xx.
SPF won't help you for SMTP syntax errors, you'd get NONE,
because "" has no sender policy. Same problem for domain
literals, HELO [127.0.0.1] can be perfectly valid when you
talk to yourself, but it certainly has no sender policy.
Only FQDN host names can have a sender policy, anything else
results in NONE.
An indirect NONE caused by SPF include: or redirect= would
of course be an error, but that's not what you'd get in o
(= original domain, not the same as d after an indirection)
I think it should be at least mentioned that for a MFROM
check the HELO data must be present.
You need it anyway for the MAIL FROM:<> case, because you'd
then substitute l := postmaster, o := helo-FQDN, s := l(_at_)o
as always, and initial d := o as always.
So if you have h := helo-FQDN (always) that substitution for
an empty MAIL FROM:<> is simply l := postmaster and o := h,
anything else works as always.
The same substitution is what you'd do in all HELO checks...
But then again, maybe I am just picky.
...no, the SPF spec. is rather long, it's not always easy to
find stuff. OTOH we tried to find bugs for at least a year,
IIRC the last real bug found was in 2004. And for obvious
reasons adding a 2nd example in section 8.2 (with the macro
expansion) would make the spec. even longer.
Bye, Fran
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com