It seems that having the SPF cache enabled can lead to a great spam hole.
There is no domain field in the SPF cache db, so it will pass a spammer when:
1) First, he sends spam with a 'From:' using a domain that will not fail
his IP. ASSP will cache it as not-fail.
2) Then the spammer can send spam with a 'from' e-mail address with a strict SPF
policy and ASSP will pass it because it finds the spammer's IP address in
the cache with a non-fail status.
That is the only way I can explain this result:
Received: from mail.moee.gov.eg ([196.219.2.151] helo=mail.moee.gov.eg) by
    napoli.lan; 20 Jan 2008 08:25:02 +0300    <<<<<-------- assp is on napoli.lan
Received: from statya.ru ([193.100.100.103])
    by mail.moee.gov.eg (Lotus Domino Release 6.0)
    with SMTP id 2008012007315000-330 ;
    Sun, 20 Jan 2008 07:31:50 +0200
Subject:
    =?Windows-1251?B?ys7Qz87QwNLIws3bySDRwMnSIJYgzM7Zzc7FINHQxcTR0sLOIM/QzsTCyMbFzcjfINPRz8XYzc7DziDByMfNxdHA?=
From: =?Windows-1251?B?wv/35fHr4OIgzOj14Onr7uI=?= <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Reply-To: <[EMAIL PROTECTED]>
X-MIMETrack: Itemize by SMTP Server on server1/moee(Release 6.0|September 26, 2002) at
    01/20/2008 07:31:50 AM,
    Serialize by Router on server1/moee(Release 6.0|September 26, 2002) at 01/20/2008
    07:33:29 AM,
    Serialize complete at 01/20/2008 07:33:29 AM
Date: Sun, 20 Jan 2008 07:31:50 +0200
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/html;
    charset="windows-1251"
X-Assp-Received-SPF(cache): neutral
X-Assp-Received-URIBL: pass
X-Assp-Tag: Bayesian
...
So the SPF result is 'neutral' though the SPF policy states that it must fail!
--
Boris Lytochkin,
JCS e-port, Moscow
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
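
The following is an added example, not part of the original post and not ASSP's own code. It models the two-step sequence described in the message with a result cache keyed on the IP alone, next to one keyed on the (IP, domain) pair. The domains, addresses and the simplified policy table are constructed stand-ins for real DNS lookups.

```python
import ipaddress

# Constructed SPF policies (stand-in for DNS TXT lookups):
# domain -> (authorised networks, result of the trailing "all" mechanism)
POLICIES = {
    "lax.example":    ([], "neutral"),                # like "v=spf1 ?all"
    "strict.example": (["198.51.100.0/24"], "fail"),  # like "v=spf1 ip4:198.51.100.0/24 -all"
}

def spf_check(ip, domain):
    """Simplified SPF evaluation: ip4 mechanisms, then the 'all' qualifier."""
    nets, default = POLICIES.get(domain, ([], "none"))
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(n) for n in nets):
        return "pass"
    return default

class SpfCache:
    """Result cache. key_on_domain=False models the IP-only keying the post describes."""
    def __init__(self, key_on_domain):
        self.key_on_domain = key_on_domain
        self.store = {}

    def lookup(self, ip, domain):
        key = (ip, domain.lower()) if self.key_on_domain else ip
        if key in self.store:
            return self.store[key], True   # (result, served_from_cache)
        result = spf_check(ip, domain)
        self.store[key] = result
        return result, False

def replay(cache):
    """Step 1: the sender uses a lax domain. Step 2: the same IP claims a strict domain."""
    sender_ip = "192.0.2.25"               # constructed sender address
    first = cache.lookup(sender_ip, "lax.example")
    second = cache.lookup(sender_ip, "strict.example")
    return first, second

if __name__ == "__main__":
    for keyed in (False, True):
        first, second = replay(SpfCache(key_on_domain=keyed))
        print(f"key_on_domain={keyed}: first={first} second={second}")
```

With the IP-only key the second lookup is served from the cache as 'neutral', matching the X-Assp-Received-SPF(cache) header above. With the (IP, domain) key the strict domain is evaluated on its own and the result is 'fail'.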