On 2009-02-14 07:56, Alessandro Vesely wrote:
Courier's SPF implementation is not strictly rfc4408-compliant.
nevareth wrote on Wed, 04 Feb 2009 21:10:44 -0500:
[... the case of SPF string having mx:name.without.mx.example ...]
http://www.gossamer-threads.com/lists/engine?do=post_view_flat;post=30414;page=1;sb=post_latest_reply;so=ASC;mh=25;list=spf
[...]
courier-mta errors out when this happens and the mail gets a 417
SPF error message.
In this case Courier issues an error, where it could possibly have
issued a fail. IMHO sensible configurations should only reject mail
when a clear and loud *fail* results from SPF checking. Therefore I
classify this case as a MISS. It corresponds to to test 7/21 of
scenario 9 in OpenSPF's Test Suite http://www.openspf.org/Test_Suite
Yaml is a readable format, so please refer to that text for details
about specific tests.
Yes, certainly it should be a fail. There is nothing to give it a pass
at this point but the search should continue looking for a pass. As it
stands it stops looking because of the error.
In the following, WRONG is the converse case, where Courier issues a
fail when it shouldn't, and DIFF are differences involving equivalent
result codes.
I paste the result of running the whole suite, so that we know where
we are. More comments below.
[...]
I think the 10 wrongly issued fail are the most urgent fix. I will
look into them as soon as I have time.
I agree with this but it is the nxdomain error that I am regularly
seeing. It currently makes it impossible for me to activate SPF on my
mail server.
A couple of domains that currently cause the mx (nxdomain) error.
ebay.com
cogeco.ca
Since I am in southern Ontario I regularly get mail from cogeco.ca and
of course ebay sends a few too.
To get a fully compliant implementation will require using the SPF
RR type. I'd propose to have a BOFH variable to enable such queries.
It should stay disabled until there is a wide diffusion of DNSs that
support it (I've heard SPF RR type queries may cause delays.)
SPF may undergo some slight amendment when a new protocol spec
aiming at standard track will be issued. I hope we'll have a
compliant version by that time.
Thanks
------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
