You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2007/07/19 07:53:54 UTC
[Bug 5567] Faulty SPF_HELO_FAIL processing.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5567
spamassassin@dostech.ca changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From spamassassin@dostech.ca 2007-07-18 22:53 -------
(In reply to comment #0)
> A correctly configured SPF record may look like this:
>
> example.com "v=spf1 mx ?all"
> server1.example.com "v=spf1 -all"
>
> The above indicates that emails of the format user@example.com are
> valid (when originating from the MX servers for example.com), but
> emails of the format user@server1.example.com never exist.
Not quite accurate (emails "of the format user@server1.example.com" could
exist), but sure.
> Spamassassin is incorrectly using the mail server SMTP greeting's
> host name to query SPF records for email address domains, however, in
> almost all cases, the server's host name is not an acceptable suffix
> for email addresses.
Uh, no it is not. SA uses the mail from, found in a return-path or similar
header field value, as it should.
> In order to verify a server HELO domain via SPF - you need to
> A) look up the MX servers for the MAIL FROM domain
> B) consider only such servers as those that are authorized in the SPF
> record for the MAIL FROM domain,
> C) and check that the HELO domain is one of those MX servers.
Uh, no. Please quote the relevant sections of RFC 4408 that define such a method.
> Depending on whether or not the MAIL FROM domain's SPF record includes
> A or PTR or IP4/IP6 addresses - processing in step (C) may be more
> complicated.
>
> There is no such thing as an SPF record for a mail server hostname,
> only for email address domains, thus the need for the several
> processing steps needed to do a verification.
That's not accurate at all.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.