Daniel Pittman wrote:

> Erik de Castro Lopo <[EMAIL PROTECTED]> writes:
>
> > During testing I realised that SPF or at least this implementation I
> > am using has a serious flaw that will result in mail that should be
> > blocked by SPF actually getting through.
> 
> If you don't mind, what implementation flaw?

When postfix asks the SPF policy module to validate an email, it
does so using the info from the HELO/EHLO and MAIL FROM parts of the
SMTP transaction and does not look at the From field of the actual
email headers.

Since it's perfectly legal for the connecting MTA to say "HELO <ip address>"
and "MAIL FROM: <>" either of these two walks right past the Postfix
SPF implementation.

<snip>

Thanks for the rest. I still need time to digest it.

Erik
-- 
-----------------------------------------------------------------
Erik de Castro Lopo
-----------------------------------------------------------------
Heisenbugs - The bugs that go away when you turn on debugging.
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
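
The identity selection discussed in the message above, as an added example that is not part of the original post or of any Postfix policy module. It follows RFC 7208 sections 2.3 and 2.4: a HELO check needs a multi-label domain name, and a null MAIL FROM falls back to postmaster@ the HELO domain. The function name spf_identities and all sample values are hypothetical and constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# A multi-label DNS name; an address literal or bare IP does not match.
_FQDN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+"
    r"[a-z]([a-z0-9-]{0,61}[a-z0-9])?$", re.I)

def _domain(addr):
    """Domain part of an address, or None when there is no '@domain'."""
    _local, at, dom = addr.rpartition("@")
    return dom.lower() if at and dom else None

def spf_identities(helo, mail_from, raw_message):
    """Report which domains SPF can evaluate for one SMTP transaction
    and whether the header From domain is among them."""
    name = helo.strip().rstrip(".")
    helo_domain = name.lower() if _FQDN.match(name) else None
    sender = mail_from.strip().strip("<>")
    if sender:
        mailfrom_domain = _domain(sender)
    else:
        # Null reverse-path: the identity becomes postmaster@<HELO domain>,
        # so nothing is left to check when HELO is not a domain name.
        mailfrom_domain = helo_domain
    header_addr = parseaddr(message_from_string(raw_message).get("From", ""))[1]
    header_domain = _domain(header_addr)
    checked = {d for d in (helo_domain, mailfrom_domain) if d}
    return {
        "helo_domain": helo_domain,
        "mailfrom_domain": mailfrom_domain,
        "header_from_domain": header_domain,
        "spf_has_input": bool(checked),              # False: SPF result is "none"
        "header_from_covered": header_domain in checked,
    }

# Constructed sample transactions (documentation addresses and domains only).
MSG = "From: CEO <ceo@example.com>\nSubject: test\n\nbody\n"
SAMPLES = [
    ("mail.example.com", "<ceo@example.com>", MSG),       # everything lines up
    ("[192.0.2.25]", "<>", MSG),                          # the case in the message
    ("mta.example.net", "<bounce@example.net>", MSG),     # envelope differs from header
]

if __name__ == "__main__":
    for helo, mfrom, msg in SAMPLES:
        print(helo, mfrom, spf_identities(helo, mfrom, msg))
```

A receiver can log transactions where spf_has_input is False or header_from_covered is False and apply its own policy to them.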
