Re: [courier-users] renaming Received-SPF: to Old-Received-SPF:

Fri, 01 Apr 2011 07:26:56 -0700 

On 01/Apr/11 12:59, Sam Varshavchik wrote:
> Matus UHLAR - fantomas writes:
> 
>> I'm fine with Received-SPF being renamed when mail is received from
>> untrusted host. But for mail received from our (trusted) mail backups:
>> - the SPF check will apparently fail (thus I better turn if off)
>> - I could trust the SPF headers made by them, but they get renamed
>> to Old-

I have a header entry like this

  Authentication-Results: wmail.tana.it;
    spf=pass smtp.mailfrom=lists.sourceforge.net

added on top by zdkimfilter.  If "wmail.tana.it" was the name of your
backup mx, trust would derive from having such entry in the topmost
position when you receive the message (a server should kill spoofed
headers bearing its name.)

>> I think the SPF check done by courier doesn't care if the mail
>> is received from mail backup of recipient's domain. (This could
>> be problem for multiple recipients).
> 
> Correct. A mail gets received from some IP address. The IP address
> does not get to wear a name badge that says "I am trusted".

That badge is the Authentication-Results.  Such field is designed to
accumulate on the header top, much like Received fields.  Section 7.1
of RFC 5451 proposes various solutions to avoid possible forgeries.

> The renaming of Received-SPF: only happens when SPF checking is used.
> If BOFHSPFHELO, BOFHSPFMAILFROM and BOFHSPFFROM are set to "off", it
> should not get renamed. Therefore, if you enable SPF checking on all
> your incoming mail servers, and if they forward their mail to internal
> end-delivery hosts which are not configured to use SPF checking, then
> the Received-SPF: headers inserted by the receiving servers should
> rename intact.

Otherwise, if the server is not internal and checks SPF, backup MXes
should be whitelisted.

-- 



























------------------------------------------------------------------------------
Create and publish websites with WebMatrix
Use the most popular FREE web apps or write code yourself; 
WebMatrix provides all the features you need to develop and 
publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to