On 25.09.2017 14:45, Heiko Schlittermann via Exim-users wrote:
Hi,
Hardy <[email protected]> (Mo 25 Sep 2017 09:17:34 CEST):
Hi,
and clearly does not include localhost. So passing messags from
localhost might be a feature of SPF in general or of the implementation
in Exim.
I wouldn't think localhost is handled special by SPF, but usually (in
standard- and example configs) you have a very early rule ACCEPTing existing
local users, before it does any "expensive" (netwise: DNS lookup etc.)
actions. In this case your SPF is not even tested, which is the aim of this
rule. You wouldn't want to greylist internal addresses either, would you?
The debug output of my test session from localhost to localhost shows
that SPF was in use and gave 'pass' to localhost (with some note about
"localhost is always allowed")
The string "localhost is always allowed." can be found in libspf2.a
So this is wanted by exim! I did not check what SPF specs say about it,
but this would mean, my local users CAN forge sender addresses?! Does
this make sense?!
RFC
Hardy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
