On Wed, Feb 22, 2006 at 12:55:15AM -0500, John Kelly wrote:
On Wed, 22 Feb 2006 05:16:51 +0100, Frank Ellermann
<nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> wrote:
Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com wrote:
What part of Sender ID breaks this?
I don't know which part.
I'm also curious, I thought GMaNe is "PRA-compatible" and adds
a Sender, so if the OP got something with PRA = nobody(_at_)xyzzy,
then I'm lost what happened. Maybe a forged spam
I installed sid-milter 0.2.10. Maybe it has bugs, or maybe gmane is
not compatible. I don't have time to investigate right now.
I was looking for an SPF solution to use with sendmail. I did not
want a perl solution, and the libspf/libspf2 situation looked ugly.
Then I ran across sid-milter, and technically, it looked better to me,
so that's what I chose. OTOH, it combines SPF with sender-id.
I don't see any way to configure it to fail on SPF only, and ignore
sender-id failures. It has these configuration levels:
0 accept all mail
1 reject if _both_ sender-id and SPF fail
2 reject if _either_ sender-id or SPF fail
3 reject unless _either_ sender-id or SPF pass
4 reject unless _both_ sender-id and SPF pass
5 reject mail for which a "pass" from either test overrides a
"fail" from the other
I can't use option 1, because SPF could fail while sender-id is
neutral, and then I would not detect the SPF failure. I can't use
option 3 or 4, because if both SPF and sender-id are neutral, that
would produce an unwanted rejection.
5 doesn't make sense to me. Maybe they were trying to say either one
passing will override a failure of the other, but "reject mail" seems
to confuse that. Maybe that's just a documentation bug.
But in any case, if I use sid-milter, it seems I need to run at level
2 and reject any sender-id failures too.
Perhaps they'll take a patch ?
Regards,
Paddy
--
Perl 6 will give you the big knob. -- Larry Wall
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com