spf-discuss

Re: [spf-discuss] NEUTRAL vs NONE for HELO

2006-06-21 15:37:33
On Wed, 21 Jun 2006, Alex van den Bogaerdt wrote:

with example.com in MFROM.  But the set of MTAs using example.com
in HELO can only be finite and are not roaming, and can therefore
easily get a pass.

True.

Still, I have a feeling you shouldn't generate a message that may
be (mis)interpreted as "rejected due to SPF".

Here is the current message.  What should it say?

    if hres in ('deny','fail','neutral','softfail'):
      self.log('REJECT: hello SPF: %s 550 %s' % (hres,htxt))
      self.setreply('550','5.7.1',htxt,
        "The hostname given in your MTA's HELO response is not listed",
        "as a legitimate MTA in the SPF records for your domain.  If you",
        "get this bounce, the message was not in fact a forgery, and you",
        "should IMMEDIATELY notify your email administrator of the problem."
      )
      return Milter.REJECT

All right, I have a hard time thinking of any useful examples.
Another try:

Publishing "v=spf1 ?all" should be equivalent to not publishing at all.
What if example.com has this record?

Then my system would reject HELO example.com.  But I also reject for no SPF
record when HELO is also invalid (doesn't resolve to connect ip or get
guessed pass) and there is no (non-dynamic) PTR.  So I preserve the principle
of not discriminating against those who publish SPF.

          self.log('REJECT: no PTR, HELO or SPF')
          self.setreply('550','5.7.1',
    "You must have a valid HELO or publish SPF: http://www.openspf.org ",
    "Contact your mail administrator IMMEDIATELY!  Your mail server is ",
    "severely misconfigured.  It has no PTR record (dynamic PTR records ",
    "that contain your IP don't count), an invalid or dynamic HELO, ",
    "and no SPF record."
          )
          return Milter.REJECT

Well, mostly.  OK, I guess to be really "fair", I should accept a HELO that 
resolves to the connect IP, even if the official SPF result is neutral.
I will make that change, but I doubt the code will ever get exercised.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
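
Added example, not part of the original message or of the poster's milter code: a small Python model of the HELO policy described above, used to list the cases where a domain publishing "v=spf1 ?all" (neutral) is rejected while a domain publishing nothing (none) is not. The function names, the boolean inputs and the `accept_valid_helo_on_neutral` switch are assumptions made for illustration; any check the message does not mention is treated as "continue".

```python
from itertools import product

REJECT, CONTINUE = "REJECT", "CONTINUE"

def helo_policy(hres, helo_valid, static_ptr, accept_valid_helo_on_neutral):
    """Model (assumed, simplified) of the HELO policy described in the message.

    hres        -- SPF result for the HELO name ('pass', 'none', 'neutral', ...)
    helo_valid  -- HELO resolves to the connect IP (or gets a guessed pass)
    static_ptr  -- the connect IP has a non-dynamic PTR record
    accept_valid_helo_on_neutral -- apply the change announced at the end
    """
    # Announced change: a HELO that resolves to the connect IP is accepted
    # even when the official SPF result is neutral.
    if hres == "neutral" and accept_valid_helo_on_neutral and helo_valid:
        return CONTINUE
    # First snippet in the message: these HELO results are rejected.
    if hres in ("deny", "fail", "neutral", "softfail"):
        return REJECT
    # Second snippet: no SPF record, invalid HELO and no static PTR.
    if hres == "none" and not helo_valid and not static_ptr:
        return REJECT
    return CONTINUE

def neutral_penalised(accept_valid_helo_on_neutral):
    """Return (helo_valid, static_ptr) cases where neutral is rejected
    but the same connection with no SPF record would not be."""
    worse = []
    for helo_valid, static_ptr in product((True, False), repeat=2):
        args = (helo_valid, static_ptr, accept_valid_helo_on_neutral)
        if (helo_policy("neutral", *args) == REJECT
                and helo_policy("none", *args) == CONTINUE):
            worse.append((helo_valid, static_ptr))
    return worse

if __name__ == "__main__":
    for changed in (False, True):
        label = "with change" if changed else "current"
        print(label, neutral_penalised(changed))
```

Under this model the announced change removes the cases where the HELO name resolves to the connect IP; a neutral result combined with an invalid HELO and a static PTR is still treated differently from no record.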

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/