package rmilter
forwarded 779253 https://github.com/vstakhov/rmilter/issues/20
thanks
On Wed, Feb 25, 2015, at 23:05, Scott Kitterman wrote:
> Package: rmilter
> Version: 1.6.1
> Severity: normal
> Tags: upstream
>
> Dear Maintainer,
>
> If you look at src/spf.c you'll see the following code snippet:
>
>     /* No domain part in envfrom field - do not make spf check */
>     if (domain_pos == NULL) {
>         return 1;
>     }
>
> This is not the correct behavior for the SPF protocol. If you look at RFC
> 7208 section 2.4 (the second paragraph), it says:
>
> [RFC5321] allows the reverse-path to be null (see Section 4.5.5 in
> [RFC5321]). In this case, there is no explicit sender mailbox, and
> such a message can be assumed to be a notification message from the
> mail system itself. When the reverse-path is null, this document
> defines the "MAIL FROM" identity to be the mailbox composed of the
> local-part "postmaster" and the "HELO" identity (which might or might
> not have been checked separately before).
>
> Rather than simply return in this case, rmilter should retrieve the remote
> host's HELO/EHLO identity and perform the check with postmaster@HELO.
>
> Note: Although RFC 7208 is fairly recent, the requirement was the same in
> its predecessor RFC 4408.
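Added example (not rmilter's code and not part of the original report): a C helper that picks the SPF "MAIL FROM" identity as the quoted RFC 7208 section 2.4 text describes, substituting postmaster@HELO when the reverse-path is null. The function name, its parameters and the sample addresses are assumptions made for illustration; rejecting a non-null path that is not local@domain is this example's choice.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: write the identity an SPF check should use for
 * "MAIL FROM" into out. Returns 0 on success, -1 if none can be formed. */
int spf_mailfrom_identity(const char *envfrom, const char *helo,
                          char *out, size_t outlen)
{
    const char *src = envfrom ? envfrom : "";
    size_t len = strlen(src);
    int n;

    /* Strip the angle brackets of an SMTP path such as "<a@b>" or "<>". */
    if (len >= 2 && src[0] == '<' && src[len - 1] == '>') {
        src++;
        len -= 2;
    }
    if (len > 0) {
        /* Explicit sender: require a non-empty local part and domain. */
        const char *at = memchr(src, '@', len);
        if (at == NULL || at == src || at + 1 == src + len)
            return -1;
        n = snprintf(out, outlen, "%.*s", (int)len, src);
    } else {
        /* Null reverse-path: the identity becomes postmaster@HELO.
         * Without a HELO name there is nothing to check against. */
        if (helo == NULL || helo[0] == '\0')
            return -1;
        n = snprintf(out, outlen, "postmaster@%s", helo);
    }
    /* Treat truncation as failure rather than checking a clipped domain. */
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real session. */
    const char *paths[] = { "<>", "<user@example.org>", "<nodomain>" };
    char id[320];
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++) {
        if (spf_mailfrom_identity(paths[i], "mail.example.net", id, sizeof id) == 0)
            printf("%-20s -> check %s\n", paths[i], id);
        else
            printf("%-20s -> no usable identity\n", paths[i]);
    }
    return 0;
}
```
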