[milters] Archive

Lists Index Date Thread Search

Article: 1781
From: Jim Hermann - UUN Hostmaster
Date: 2007-10-14 15:16:21 -0400
Subject: Header placement for milter-spiff

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support

Is there some way to move the Received-SPF: Headers to above the Received:

Otherwise, Mail::SpamAssassin::Plugin::SPF does not recognize the
Received-SPF: Headers as being Internal Headers.

According to http://www.openspf.org/RFC_4408#header-field

"The Received-SPF header field is a trace field (see RFC 2822 Section 3.6.7)
and SHOULD be prepended to the existing header, above the Received: field
that is generated by the SMTP receiver. It MUST appear above all other
Received-SPF fields in the message."

Also, FWIW, milter-spiff is ignoring the Maximum DNS-interactive terms limit
which defaults to 10.  

According to

=item B<max_dns_interactive_terms>

An I<integer> denoting the maximum number of terms (mechanisms and
per SPF check that perform DNS look-ups, as defined in RFC 4408, 10.1,
paragraph 6.  If B<undef> is specified, there is no limit on the number of
terms.  Defaults to B<10>, which is the value defined in RFC 4408.

A value above the default is I<strongly discouraged> for security reasons.
value below the default has implications with regard to the predictability
SPF results.  Only deviate from the default if you know what you are doing!

For example, try ebay.com at http://www.kitterman.com/getspf.py

Input accepted, querying now...

SPF records are primarily published in DNS as TXT records. The TXT records
found for your domain are:

v=spf1 mx include:s._spf.ebay.com include:m._spf.ebay.com
include:p._spf.ebay.com include:c._spf.ebay.com ~all
spf2.0/pra mx include:s._sid.ebay.com include:m._sid.ebay.com
include:p._sid.ebay.com include:c._sid.ebay.com ~all

SPF records should also be published in DNS as type SPF records. This is new
and most implementations do not support it yet.
No type SPF records found.

Checking to see if there is a valid SPF record. 

Found v=spf1 record for ebay.com 
v=spf1 mx include:s._spf.ebay.com include:m._spf.ebay.com
include:p._spf.ebay.com include:c._spf.ebay.com ~all 

Results - PermError SPF Permanent Error: Too many DNS lookups 

Jim Hermann <hostmaster@UUism.net>
UUism Networks <http://www.UUism.net>
Ministering to the Needs of Online UUs
Web Hosting, Email Services, Mailing Lists

Lists Index Date Thread Search