http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5567
[EMAIL PROTECTED] changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From [EMAIL PROTECTED] 2007-07-18 22:53 -------
(In reply to comment #0)
> A correctly configured SPF record may look like this:
>
> example.com "v=spf1 mx ?all"
> server1.example.com "v=spf1 -all"
>
> The above indicates that emails of the format [EMAIL PROTECTED] are
> valid (when originating from the MX servers for example.com), but
> emails of the format [EMAIL PROTECTED] never exist.
Not quite accurate (emails "of the format [EMAIL PROTECTED]" could
exist), but sure.
> Spamassassin is incorrectly using the mail server SMTP greeting's
> host name to query SPF records for email address domains, however, in
> almost all cases, the server's host name is not an acceptable suffix
> for email addresses.
Uh, no it is not. SA uses the mail from, found in a return-path or similar
header field value, as it should.
> In order to verify a server HELO domain via SPF - you need to
> A) look up the MX servers for the MAIL FROM domain
> B) consider only such servers as those that are authorized in the SPF
> record for the MAIL FROM domain,
> C) and check that the HELO domain is one of those MX servers.
Uh, no. Please quote the relevant sections of RFC 4408 that define such a
method.
> Depending on whether or not the MAIL FROM domain's SPF record includes
> A or PTR or IP4/IP6 addresses - processing in step (C) may be more
> complicated.
>
> There is no such thing as an SPF record for a mail server hostname,
> only for email address domains, thus the need for the several
> processing steps needed to do a verification.
That's not accurate at all.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
