David Summers wrote: > > Today I noticed that I got some SPAM to root user that said it was from > root at my host. This shouldn't be possible because SPF should be > checking and rejecting forged mail that says it comes from my host when > it really comes from somewhere else. > > I turned on debugging and found the following problem in the code and > generated this patch which "fixed" the problem. > > --- sender_permitted_from 2007/11/07 04:01:58 1.1 > +++ sender_permitted_from 2007/11/07 04:03:18 > @@ -74,7 +74,9 @@ > my ($self, $transaction, $rcpt, %param) = @_; > > # special addresses don't get SPF-tested. > - return DECLINED if $rcpt and $rcpt->user and $rcpt->user =~ > /^(?:postmaster|abuse|mailer-daemon|root)$/i; > + # Check is turned off. Why should we disable SPF for special users > + # which allows SPAM through? > + # return DECLINED if $rcpt and $rcpt->user and $rcpt->user =~ > /^(?:postmaster|abuse|mailer-daemon|root)$/i; > > my $query = $transaction->notes('spfquery'); > > > Question: Isn't this the correct thing to do? (Not allow foreign users > to forge addresses?) Why would anyone want to allow anyone else to > forge special addresess? I'm getting several SPAM emails a day that are > being allowed through because of this.
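Review bot: In the hunk at line 74 of sender_permitted_from, the new comment "Check is turned off" reads as if SPF checking were being disabled, while what the change disables is the exemption that returned DECLINED when the recipient matched /^(?:postmaster|abuse|mailer-daemon|root)$/i. Reword the comment to say that the special-recipient exemption is removed, and delete the old return line rather than leaving it commented out. The exemption is also dropped for all four addresses at once and unconditionally; consider a plugin option or a narrower pattern instead, so a site that wants postmaster and abuse to stay reachable regardless of the SPF result can keep that behaviour while still testing mail addressed to root.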
To state the obvious, the above code turns off SPF checking when the recipient is one of the above accounts.

> In researching it, I saw a comment about RFC 2142 which states that
> there have to be special addresses allowed, postmaster, root, etc., but
> not allowing them to pass the SPF check doesn't prevent a valid sender
> from sending email to those addresses, SPF check will only prevent
> invalid (forged) mail.
> Am I missing something?

The rabid belief by some that RFC2142 mandated addresses MUST NOT be filtered under any circumstances. Including people who misinterpret SPF records ;-)

[We publish ~all, some people interpret email .forwarded thru something not in the SPF record to be forged and bounce it.]