Posted to users@spamassassin.apache.org by Matus UHLAR - fantomas <uh...@fantomas.sk> on 2008/02/29 19:11:05 UTC

aren't SPF_ rules network?

Hello,

I wonder if SPF rules shouldn't be considered network... they require DNS
lookups, don't they?
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...

Re: aren't SPF_ rules network?

Posted by Randy Ramsdell <rr...@livedatagroup.com>.
Matus UHLAR - fantomas wrote:
> Hello,
>
> I wonder if SPF rules shouldn't be considered network... they require DNS
> lookups, don't they?
>   
Yes. Network related.

Re: aren't SPF_ rules network?

Posted by Justin Mason <jm...@jmason.org>.
yes.  If they're not marked as such, that's a bug...

On Fri, Feb 29, 2008 at 6:11 PM, Matus UHLAR - fantomas
<uh...@fantomas.sk> wrote:
> Hello,
>
>  I wonder if SPF rules shouldn't be considered network... they require DNS
>  lookups, don't they?
>  --
>  Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
>  Warning: I wish NOT to receive e-mail advertising to this address.
>  Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>  Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...
>
>

Re: aren't SPF_ rules network?

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 29/02/2008 1:11 PM, Matus UHLAR - fantomas wrote:
> Hello,
> 
> I wonder if SPF rules shouldn't be considered network... they require DNS
> lookups, don't they?

Network, no... the rules just need a suitable message, SA and a Perl
interpreter. :)

Seriously though, the SPF plugin (in 3.2+) can reuse the results from
Received-SPF headers, if present, without doing any lookups itself.  So
it's not strictly a DNS based test itself.

The plugin will not attempt lookups if you do not have network checks
enabled (not using scoresets 1 or 3).  It will only attempt to reuse
results.

If you do have network checks enabled, it will attempt to get results
from the network if there are no results to reuse.

From the M::SA::P::SPF POD:
>        ignore_received_spf_header (0|1)   (default: 0)
>            By default, to avoid unnecessary DNS lookups, the plugin will try to use the SPF results found in any "Received-SPF" headers it finds in the
>            message that could only have been added by an internal relay.
> 
>            Set this option to 1 to ignore any "Received-SPF" headers present and to have the plugin perform the SPF check itself.
> 
>            Note that unless the plugin finds an "identity=helo", or some unsupported identity, it will assume that the result is a mfrom SPF check result.
>            The only identities supported are "mfrom", "mailfrom" and "helo".
> 
>        use_newest_received_spf_header (0|1)    (default: 0)
>            By default, when using "Received-SPF" headers, the plugin will attempt to use the oldest (bottom most) "Received-SPF" headers, that were added
>            by internal relays, that it can parse results from since they are the most likely to be accurate.  This is done so that if you have an incoming
>            mail setup where one of your primary MXes doesn't know about a secondary MX (or your MXes don't know about some sort of forwarding relay that
>            SA considers trusted+internal) but SA is aware of the actual domain boundary (internal_networks setting) SA will use the results that are most
>            accurate.
> 
>            Use this option to start with the newest (top most) "Received-SPF" headers, working downwards until results are successfully parsed.

Daryl
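
The reuse-or-lookup behaviour described in the message above, modelled in Python as an added example. It is not code from the SpamAssassin plugin or from the poster; the function names, the `internal_headers` input (assumed to be already filtered to headers added by internal relays), the sample header values, and the choice to decide each identity separately are assumptions.

```python
import re

# Identity names the POD quoted above lists as supported, mapped to one key.
SUPPORTED = {"mfrom": "mfrom", "mailfrom": "mfrom", "helo": "helo"}
RESULTS = {"pass", "fail", "softfail", "neutral", "none",
           "temperror", "permerror"}

def parse_received_spf(value):
    """Return (identity, result) for one header value, or None if unusable."""
    m = re.match(r"\s*([A-Za-z]+)\b", value)
    if not m or m.group(1).lower() not in RESULTS:
        return None
    result = m.group(1).lower()
    ident = re.search(r"\bidentity=([A-Za-z0-9_-]+)", value, re.I)
    if ident is None:
        return ("mfrom", result)             # no identity= is taken as mfrom
    name = SUPPORTED.get(ident.group(1).lower())
    return (name, result) if name else None  # unsupported identity: skip

def spf_source(identity, internal_headers, scoreset,
               ignore_received_spf_header=0,
               use_newest_received_spf_header=0):
    """Decide where the SPF result for `identity` comes from.

    internal_headers: Received-SPF values added by internal relays,
    top-most (newest) first. Working out which headers are internal
    is outside this example.
    """
    if not ignore_received_spf_header:
        order = (internal_headers if use_newest_received_spf_header
                 else reversed(internal_headers))
        for value in order:
            parsed = parse_received_spf(value)
            if parsed and parsed[0] == identity:
                return ("reused", parsed[1])
    # Scoresets 1 and 3 are the ones with network checks enabled.
    if scoreset in (1, 3):
        return ("dns-lookup", None)
    return ("skipped", None)

# Constructed sample header values, newest (top-most) first.
SAMPLE = [
    "pass (mx1.example.net: 192.0.2.10 is permitted) identity=mailfrom; client-ip=192.0.2.10",
    "fail (mx1.example.net) identity=pra; client-ip=192.0.2.10",
    "neutral (mx2.example.net) identity=helo; helo=mail.example.org",
    "softfail (mx2.example.net) client-ip=198.51.100.7; envelope-from=a@example.org",
]
```

With the sample above and network checks off (scoreset 0), the mfrom result is reused from the oldest header by default and from the newest one when `use_newest_received_spf_header` is set; a lookup is attempted only when nothing can be reused and the scoreset is 1 or 3.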


Re: aren't SPF_ rules network?

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 29/02/2008 2:05 PM, Theo Van Dinter wrote:
> On Fri, Feb 29, 2008 at 07:11:05PM +0100, Matus UHLAR - fantomas wrote:
>> I wonder if SPF rules shouldn't be considered network... they require DNS
>> lookups, don't they?
> 
> Yes, DNS is required.

Only if there aren't Received-SPF headers to reuse results from (in 3.2
or later).

>  What makes you think that SPF isn't considered a
> network test though?  Right in the code is:
> 
>   return unless $scanner->is_dns_available();

Which comes after the attempt to reuse the Received-SPF headers.

> Also, the rules are listed as net rules:
> 
> tflags SPF_FAIL               net
> [...]
> tflags SPF_HELO_SOFTFAIL      net

In trunk they are again (jm's r596095).  Before that they weren't, and
still aren't in the 3.2 branch (my r588457).

Now I'm not sure what to do.  We need to generate scores for the rules
for set0 (so they shouldn't have tflags net) but those scores probably
aren't going to be very accurate since I don't think many of the
mass-check contributors have Received-SPF headers in their mail.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5842

Daryl




Re: aren't SPF_ rules network?

Posted by Theo Van Dinter <fe...@apache.org>.
On Fri, Feb 29, 2008 at 07:11:05PM +0100, Matus UHLAR - fantomas wrote:
> I wonder if SPF rules shouldn't be considered network... they require DNS
> lookups, don't they?

Yes, DNS is required.  What makes you think that SPF isn't considered a
network test though?  Right in the code is:

  return unless $scanner->is_dns_available();

which validates the local-only (-L) option, etc:

  goto done if ($self->{main}->{local_tests_only});


Also, the rules are listed as net rules:

tflags SPF_FAIL               net
[...]
tflags SPF_HELO_SOFTFAIL      net

-- 
Randomly Selected Tagline:
"Lotus won't work, it uses a bunch of db files" (Microsoft pre-1998)
 "We reorganized Exchange 2000 to scale by using multiple DB files!"
                                                (Microsoft in 2000).