Today I noticed that I got some SPAM to the root user that said it was from
root at my host. This shouldn't be possible because SPF should be
checking and rejecting forged mail that says it comes from my host when it
really comes from somewhere else.

I turned on debugging and found the following problem in the code and
generated this patch which "fixed" the problem.

--- sender_permitted_from 2007/11/07 04:01:58 1.1
+++ sender_permitted_from 2007/11/07 04:03:18
@@ -74,7 +74,9 @@
my ($self, $transaction, $rcpt, %param) = @_;
# special addresses don't get SPF-tested.
- return DECLINED if $rcpt and $rcpt->user and $rcpt->user =~
/^(?:postmaster|abuse|mailer-daemon|root)$/i;
+ # Check is turned off. Why should we disable SPF for special users
+ # which allows SPAM through?
+ # return DECLINED if $rcpt and $rcpt->user and $rcpt->user =~
/^(?:postmaster|abuse|mailer-daemon|root)$/i;
my $query = $transaction->notes('spfquery');
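
Review bot: The exemption is switched off for all four local parts (postmaster, abuse, mailer-daemon, root), while the report is about mail addressed to root; if the aim is only to stop forged mail to root, narrowing the pattern to `/^(?:postmaster|abuse|mailer-daemon)$/i` does that and leaves the other three exempt. If the exemption is meant to go entirely, delete the `return DECLINED` line rather than commenting it out, and put the rationale in the commit message instead of a question in the code. As posted, the `-` line and the added `# return DECLINED ...` line are both wrapped, so the regex continuation has no diff marker and, on the `+` side, sits outside the comment; the lines need to be rejoined for the patch to apply.
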
Question: Isn't this the correct thing to do? (Not allow foreign users to
forge addresses?) Why would anyone want to allow anyone else to forge
special addresses? I'm getting several SPAM emails a day that are being
allowed through because of this.

I'm going to go ahead and turn it off on my machine, but is there any
reason to allow special addresses through the SPF trap? (I can't think of
any.)

In researching it, I saw a comment about RFC 2142 which states that there
have to be special addresses allowed, postmaster, root, etc., but not
allowing them to pass the SPF check doesn't prevent a valid sender from
sending email to those addresses; the SPF check will only prevent invalid
(forged) mail.

Am I missing something?

--
David Wayne Summers "Linux: Because reboots are for hardware upgrades!"
[EMAIL PROTECTED] PGP Key: http://summersoft.fay.ar.us/~david/pgp.txt
PGP Key fingerprint = 0B44 B118 85CC F4EC 7021 1ED4 1516 5B78 E320 2001