spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Re: Apache SpamAssassin SPF checks

2006-11-11 08:29:18
On Saturday 11 November 2006 06:39, Julian Mehnle wrote:
Scott Kitterman wrote:
On Saturday 11 November 2006 01:25, Daryl C. W. O'Shea wrote:
Julian Mehnle wrote:
According to RFC 4408, section 7, the "Received-SPF" header "SHOULD
be prepended to the existing header, above the Received: field that
is generated by the SMTP receiver."
[...]

[...]

The current version of postfix-policyd-spf-perl supports this.

Are you sure that postfix-policyd-spf-perl actually makes "Received-SPF"
headers appear _above_ the according "Received" headers??  That's what
Daryl's argument was about.  "Received-SPF" headers being inserted _below_
the accorging "Received" headers seems to be commonly supported but, as he
explained, isn't reliable for SpamAssassin's purposes.

I haven't actually done it since I use a variant of tumgreyspf for my Postfix 
policy service.  

I looked at the Postfix documentation, http://www.postfix.org/access.5.html, 
and it's not 100% clear to me where PREPEND would land the header in this 
case.  I do know that Weitse Venema places importance on getting things in 
the 'right' order.  It's currently a matter of debate on postfix-users WRT 
the new milter implementation in Postfix 2.3.

I just patched my test server to put a test header in using PREPEND (which is 
the same command that the PERL policyd uses and it is above the received 
header field:

x-headercheck: This is where PREPEND puts it.
Received: from [192.168.111.103] (static-72-81-252-22.bltmmd.fios.verizon.net 
[72.81.252.22])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mailout00.controlledmail.com (Postfix) with ESMTP id 27FC65CC0B3
        for <scott(_at_)kitterman(_dot_)com>; Sat, 11 Nov 2006 14:59:30 +0000 
(UTC)

So, I wasn't sure before, but I am now.

[The current version of postfix-policyd-spf-perl is available on CPAN.]

No, it isn't.  The one included with M:S:Q 1.999.1 is version 1.06, which
is old.  And M:S:Q will not get updated any longer.

Oops.  Sorry.  Forgot about that.  That version does have prepend.

Also, Postfix includes this policy engine as one of the examples in the source 
when it is distributed.  The current release, Postfix 2.3.4 has version 1.07 
which supports prepend.  The older Postfix versions that have the policy 
engine (Postfix 2.1/2.2) have versions that do not add the header.

Users of Postfix 2.1/2.2 can update from the SPF website (to get the latest), 
get it from CPAN, or from the Postfix 2.3 source.

PySPF supports received-spf. [...]

... inserting it _above_ the according "Received" header?

PySPF generates the header.  It's up to the calling program to insert in in 
the message.  I do have submitting a patch for tumgreyspf on my list.  
Knowing SA would use that result would certainly make it a higher priority.

I haven't done any programming on Milters, but I believe that pymilter
adds the received header, [...].

... inserting it _above_ the according "Received" header?

Stuart Gathman would be able to answer that question.  He would also be able 
to fix it if it's 'wrong'.

So, Postfix puts the header in the right place with the policy engine.  We'll 
need to hear from Stuart of one of the other Milter authors to find out about 
Sendmail.

Scott K

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735