Ben Kennedy writes:
Hey all,I received a piece of spam tonight, to myself from myself (supposedly). I don't understand the SPF check: for the MAILFROM test, it indicates[EMAIL PROTECTED] (result "none"). However, the From: is clearly [EMAIL PROTECTED], which would have failed since I have SPF records for zygoat.ca. Where did the zyberphar.com domain come from?
The SMTP MAIL FROM command.
I thought the MAILFROM
SPF check matched against the From: field.
No, BOFHSPFMAILFROM checks the SMTP MAIL FROM command. BOFHSPFFROM checks the From: field. The courier man page makes this distinction clear:
opt BOFHSPFMAILFROM=keywords
Use Sender Policy Framework to verify the return address in the
MAIL FROM command sent by the connecting SMTP client. See
Sender Policy Framework Keywords below for a list of possible
keywords.
Note
No SPF checking is done for if the MAIL FROM command specifies
an empty return address (a bounce). ThereĀ“s nothing to check.
opt BOFHSPFFROM=keywords
Use Sender Policy Framework to verify the return address in the
From: header. See Sender Policy Framework Keywords below for
important information, and a list of possible keywords.
pgpCLy1R0MP73.pgp
Description: PGP signature
------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
