I was looking at SpamAssassin code today and noticed the following in its
Plugin/SPF.pm:

    if ($ishelo) {
      dbg ("SPF: checking HELO (helo=$helo, ip=$ip)");
      if ($helo !~ /^\d+\.\d+\.\d+\.\d+$/) {
        # get rid of hostname part of domain, understanding delegation
        $helo = Mail::SpamAssassin::Util::RegistrarBoundaries::trim_domain($helo);
      }
      dbg ("SPF: trimmed HELO down to '$helo'");
    } else {
      $sender = $lasthop->{envfrom};

This really does not look like appropriate HELO checking code to me, as
they appear to be trying to guess the HELO domain (to find its SPF record)
without even attempting to check whether an SPF record for the actual HELO
host exists...

Any comments on whether it's appropriate to let them know to change this,
and how?

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
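
An added illustration (not part of the original message and not SpamAssassin code) of the difference the message describes: looking up the SPF record at the HELO host as given versus at a trimmed parent domain. The TXT data is constructed, and `naive_trim` is a hypothetical two-label stand-in for `trim_domain`, which really consults registrar boundaries.

```python
import re

# Constructed TXT data standing in for DNS; all names are placeholders.
TXT = {
    "example.com": ["v=spf1 mx -all"],
    "mail.example.com": ["v=spf1 a -all"],
    "example.org": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "relay.example.org": ["some unrelated text record"],
}

# Same test as the excerpt: a HELO that is a bare IPv4 address.
IP_HELO = re.compile(r"^\d+\.\d+\.\d+\.\d+$")


def spf_record(domain, txt=TXT):
    """Return the one v=spf1 record published at exactly `domain`.
    Zero or several records give None (a simplification)."""
    found = [r for r in txt.get(domain.lower().rstrip("."), [])
             if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    return found[0] if len(found) == 1 else None


def naive_trim(domain):
    """Assumption: keep only the last two labels of the name."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def helo_lookup(helo, trim, txt=TXT):
    """Return (queried_domain, record) for a HELO check.
    trim=False queries the HELO host as given; trim=True mimics the excerpt."""
    if IP_HELO.match(helo):
        return (None, None)  # an IP-address HELO has no domain to query
    domain = naive_trim(helo) if trim else helo.lower().rstrip(".")
    return (domain, spf_record(domain, txt))


def compare(helo, txt=TXT):
    """Report where the two approaches disagree for one HELO name."""
    exact = helo_lookup(helo, False, txt)
    trimmed = helo_lookup(helo, True, txt)
    return {"exact": exact, "trimmed": trimmed,
            "same_policy": exact[1] == trimmed[1]}


if __name__ == "__main__":
    for name in ("mail.example.com", "relay.example.org", "192.0.2.10"):
        print(name, compare(name))
```

With this data, `mail.example.com` is evaluated against its parent's policy when trimmed, and `relay.example.org`, which publishes no SPF record of its own, inherits one it never declared.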