spf-discuss

Re: [spf-discuss] Re: Promoting NEUTRAL or SOFTFAIL result to FAIL

2006-02-28 06:37:07
Mark Shewmaker writes:
> On Mon, 2006-02-27 at 14:53 -0500, Dick St.Peters wrote:
>
> > The workaround I use is to defer false-bounce checks until after the
> > DATA command (but before the data itself), using sendmail's
> > check_data.  At that point, $u isn't set, so you have to set your own
> > macro earlier.  I set mine in Local_check_rcpt.  Bounces and CBVs
> > involve only one recipient, making this easy.
>
> Then that means you're breaking my CBV tests--making it look like all
> possible MAIL FROM values from your domain are valid.

Not true.  If the CBV RCPT (i.e., the MAIL FROM being CBV-checked)
isn't valid, that's caught before DATA, and you'll get a 550 in
response to your RCPT.  Your CBV learns the address is invalid.

If the RCPT *is* valid, CBV gets a 250 "ok" and quits, but a fake
bounce goes on to DATA and gets a 554.  A legitimate bounce is to an
SRS'd address and has its DATA accepted.

(One case that doesn't work is if one of my users sends mail from
another network using an address here for the MAIL FROM, and the mail
bounces.  That bounce will be to a non-SRS address, so it will be
treated as a fake and will be refused.  This is but one in a set of
edge cases that make tinkering with mail hazardous.)

--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com 

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
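
The reply sequence described in the message above, modelled as an added example (not part of the original post and not the poster's sendmail configuration). The simplified `SRS0=tag=user` address format, the signing secret, the mailbox names and the domain are all constructed assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: per-site signing secret
VALID_USERS = {"alice", "bob"}     # constructed local mailboxes
DOMAIN = "example.net"             # constructed domain


def _tag(user):
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()[:8]


def sign(user):
    """Signed return path used as MAIL FROM on outgoing mail (simplified SRS form)."""
    return f"SRS0={_tag(user)}={user}@{DOMAIN}"


def signed_user(rcpt):
    """Return the mailbox name if rcpt carries a valid signature, else None."""
    parts = rcpt.rsplit("@", 1)[0].split("=", 2)
    if len(parts) == 3 and parts[0] == "SRS0":
        if hmac.compare_digest(parts[1], _tag(parts[2])):
            return parts[2]
    return None


def session(mail_from, rcpt, sends_data):
    """Replies a client sees, as (command, code) pairs, for one recipient."""
    # RCPT stage: only mailbox validity is checked, so a CBV probe
    # still learns whether the address exists.
    saved_rcpt = rcpt              # stands in for the macro saved at RCPT time
    user = signed_user(rcpt) or rcpt.rsplit("@", 1)[0]
    if user not in VALID_USERS:
        return [("RCPT", 550)]
    replies = [("RCPT", 250)]
    if not sends_data:             # a CBV probe quits after RCPT
        return replies
    # DATA stage: the deferred false-bounce check. A null sender writing
    # to an unsigned address is treated as a fake bounce.
    if mail_from == "" and signed_user(saved_rcpt) is None:
        replies.append(("DATA", 554))
    else:
        replies.append(("DATA", 354))
    return replies


if __name__ == "__main__":
    print(session("", "alice@example.net", False))   # CBV probe, valid mailbox
    print(session("", "alice@example.net", True))    # bounce to unsigned address
    print(session("", sign("alice"), True))          # bounce to signed address
```

The second call also covers the edge case in the message: a real bounce for mail sent from another network with an unsigned local address is refused in the same way as a fake one.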