[conspire] Machine rebuild happened on Feb. 1

William R Ward bill at wards.net
Tue Feb 8 18:21:41 PST 2005


Rick Moen writes:
>There were predictable gotchas:  Doing SMTP-time rejection of spam is
>something of a cutting-edge effort.  It turned out, disappointingly,
>that the SPF daemon, designed to determine if the envelope-sender IP
>address is an authorised mail exchanger (MX) for the alleged sending
>domain, suffers a severe case of the stupids:  The thing doesn't check
>the envelope "From" header (as it should), but rather the interior 
>"From:" header.  
>
>Most of you probably won't quite realise what a bonehead move _that_ is,
>but it's a doozy.  I disabled SPF-checking in my Exim4 configuration in
>a hurry.  We'll look in on that in a year or two, after they've acquired
>clue.

I'm not sure it's as boneheaded as you think.  The purpose of SPF as I
understand it is to verify that the sender is who they claim to be.
So you would look at the "From:" header to find out who they claim to
be, then look for SPF records in that address's domain to see if the
host you got the email from is authorized to send email for that
domain.  This prevents junk mail from being sent by compromised
machines forged to be someone else, because that someone else won't
have authorized the compromised machine to send their email.

--Bill.

-- 
William R Ward               bill at wards.net             http://bill.wards.net
-----------------------------------------------------------------------------
   Help save the San Jose Earthquakes - http://www.soccersiliconvalley.com/
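
The two identities discussed in this thread, compared side by side, as an added example that is not part of the original message. SPF as specified in RFC 7208 evaluates the envelope sender (SMTP MAIL FROM); this code runs a simplified check (ip4 and all mechanisms only) against both that domain and the header From: domain for a list-relayed message. The domains, addresses, SPF records and function names are constructed for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed SPF policies (TXT records), keyed by domain; ip4/all only.
SPF_RECORDS = {
    "lists.example.net": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.org": "v=spf1 ip4:198.51.100.25 -all",
}

# Constructed SMTP transaction: a mailing list relaying a subscriber's post.
CLIENT_IP = "192.0.2.10"
MAIL_FROM = "<conspire-bounces@lists.example.net>"
DATA = """From: Alice <alice@example.org>
To: conspire@lists.example.net
Subject: test

hello
"""

def domain_of(address):
    """Return the lowercased domain of an address such as 'Name <user@dom>'."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def check_spf(ip, domain, records=SPF_RECORDS):
    """Evaluate a simplified SPF record: ip4 and 'all' mechanisms only."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return results[qualifier]
        if mech.startswith("ip4:"):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ipaddress.ip_address(ip) in net:
                return results[qualifier]
    return "neutral"  # no mechanism matched

def compare_identities(ip, mail_from, data):
    """SPF result for the envelope sender vs. the header From: domain."""
    header_from = message_from_string(data)["From"]
    return {
        "envelope": check_spf(ip, domain_of(mail_from)),
        "header": check_spf(ip, domain_of(header_from)),
    }
```

For the constructed list message, the envelope-sender check passes while the same check applied to the header From: domain fails, because the list server is not an authorized sender for the subscriber's domain.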



