David Nicol wrote:
On 6/30/05, Elliot F <[EMAIL PROTECTED]> wrote:

One could also use ldapdns, ldap2dns, mydns, etc...  There are more mature
implementations of the idea.  Anyway, it was another idea, on topic while John
was talking about methods of validating user addresses.

SPF is a very flexible protocol for validating user addresses through DNS.
The SPF macro language makes it possible to construct a name containing any
information that is available at MAIL FROM time.

I hope that is not news to anyone reading this.
And one can certainly enforce spf against spoofers
of oneself. They tend to be sending viruses/trojans
which is why they risk getting caught on spf, because
their whole scam is based on social engineering of the
form of "claim to authority". As John pointed out, they
don't even have good spam to train on, only a virus
payload.

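# SPF query object stored in the transaction notes
my $spf_query = $transaction->notes( 'spfquery' ) ;
# declared separately: "my ... if ..." has undefined behaviour in Perl
my $spf ;
( $spf ) = $spf_query->result2( $recipient->address ) if $spf_query ;

if ( $spf and $spf eq 'fail' ) {
    # hosts we answer for: our own name, rcpthosts, and the
    # morercpthosts entry (if any) keyed by the HELO name
    my $more_spf_hosts = $self->qp->config( 'morercpthosts' , 'map' ) ;
    my $helo = lc $self->qp->connection->hello_host ;
    my @spf_hosts = uniq( $self->qp->config( "me" ) ,
                          $self->qp->config( "rcpthosts" ) ,
                          $more_spf_hosts->{ $helo } ) ;
    my ( $spoofus , $denied_host , $from_host )
        = ( 0 , 0 , $transaction->sender->host ) ;

    # an SPF fail where HELO or the envelope sender host ends in one
    # of our own host names is someone claiming to be us
    for ( @spf_hosts ) {
        $_ =~ s/^\s*(\S+)/$1/ ;    # strip leading whitespace
        $denied_host = $_ ;
        $spoofus = 1 if $helo =~ m/\Q$denied_host\E$/i
            or $from_host =~ m/\Q$denied_host\E$/i ;
    }

    if ( $spoofus ) {
        $self->log( LOGDEBUG , "SPooF claim-to-authority "
            . "social-engineering attack" ) ;
        return ( DENYHARD ) ;
    }
}

# unique, true values only (drops undef and empty entries)
sub uniq { my %u ; grep { ++$u{ $_ } == 1 and $_ } @_ }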

-Bob Dodds
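
The SPF macro expansion mentioned in the quoted remark above, as an added example that is not part of the original thread or of qpsmtpd: a minimal Python expander for the macro syntax of RFC 7208 section 7. It assumes an IPv4 client and leaves out the `p`, `c`, `r` and `t` macros; the function name and the sample sender, address and host names are constructed for illustration.

```python
import re
from urllib.parse import quote

# One token per '%': %{letter[digits][r][delimiters]} or one escaped character.
TOKEN = re.compile(r"%(?:\{(\w)(\d*)(r?)([.\-+,/_=]*)\}|(.?))", re.S)
LITERALS = {"%": "%", "_": " ", "-": "%20"}

def expand_spf_macros(spec, sender, ip, helo, domain=None):
    """Expand the macros in one SPF domain-spec (IPv4 client assumed)."""
    local, at, sender_domain = sender.rpartition("@")
    if not at or not local:            # no local-part: SPF uses "postmaster"
        local = "postmaster"
    values = {
        "s": f"{local}@{sender_domain}", "l": local, "o": sender_domain,
        "d": domain or sender_domain,  # domain whose record is being evaluated
        "i": ip, "h": helo, "v": "in-addr",
    }

    def repl(match):
        letter, digits, reverse, delims, literal = match.groups()
        if letter is None:             # %%, %_ or %-; anything else is an error
            if literal not in LITERALS:
                raise ValueError(f"bad macro syntax at offset {match.start()}")
            return LITERALS[literal]
        if letter.lower() not in values or digits.startswith("0"):
            raise ValueError(f"unsupported macro {match.group(0)!r}")
        # split on the delimiters, optionally reverse, keep the rightmost N parts
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter.lower()])
        if reverse:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]
        out = ".".join(parts)
        # an uppercase macro letter asks for URL-escaping of the result
        return quote(out, safe="") if letter.isupper() else out

    return TOKEN.sub(repl, spec)

if __name__ == "__main__":
    # constructed MAIL FROM-time data (documentation address ranges)
    print(expand_spf_macros("%{ir}.%{v}._spf.%{d2}",
                            "bob-lists@mail.example.org", "192.0.2.3", "mx.example.net"))
```

A receiver would look up the expanded name in DNS, which is how a domain can publish per-sender or per-IP answers.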
