[milters] Archive

Lists Index Date Thread Search

Article: 1781
From: Jim Hermann - UUN Hostmaster
Date: 2007-10-14 15:16:21 -0400
Subject: Header placement for milter-spiff

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Is there some way to move the Received-SPF: Headers to above the Received:
Header?

Otherwise, Mail::SpamAssassin::Plugin::SPF does not recognize the
Received-SPF: Headers as being Internal Headers.

According to http://www.openspf.org/RFC_4408#header-field

"The Received-SPF header field is a trace field (see RFC 2822 Section 3.6.7)
and SHOULD be prepended to the existing header, above the Received: field
that is generated by the SMTP receiver. It MUST appear above all other
Received-SPF fields in the message."

Also, FWIW, milter-spiff is ignoring the Maximum DNS-interactive terms limit
which defaults to 10.  

According to
http://search.cpan.org/src/JMEHNLE/Mail-SPF-v2.005/lib/Mail/SPF/Server.pm

=item B<max_dns_interactive_terms>

An I<integer> denoting the maximum number of terms (mechanisms and
modifiers)
per SPF check that perform DNS look-ups, as defined in RFC 4408, 10.1,
paragraph 6.  If B<undef> is specified, there is no limit on the number of
such
terms.  Defaults to B<10>, which is the value defined in RFC 4408.

A value above the default is I<strongly discouraged> for security reasons.
A
value below the default has implications with regard to the predictability
of
SPF results.  Only deviate from the default if you know what you are doing!

For example, try ebay.com at http://www.kitterman.com/getspf.py

Input accepted, querying now...

SPF records are primarily published in DNS as TXT records. The TXT records
found for your domain are:

v=spf1 mx include:s._spf.ebay.com include:m._spf.ebay.com
include:p._spf.ebay.com include:c._spf.ebay.com ~all
spf2.0/pra mx include:s._sid.ebay.com include:m._sid.ebay.com
include:p._sid.ebay.com include:c._sid.ebay.com ~all


SPF records should also be published in DNS as type SPF records. This is new
and most implementations do not support it yet.
No type SPF records found.

Checking to see if there is a valid SPF record. 

Found v=spf1 record for ebay.com 
v=spf1 mx include:s._spf.ebay.com include:m._spf.ebay.com
include:p._spf.ebay.com include:c._spf.ebay.com ~all 

evaluating...
Results - PermError SPF Permanent Error: Too many DNS lookups 

Jim
-----
Jim Hermann <hostmaster@UUism.net>
UUism Networks <http://www.UUism.net>
Ministering to the Needs of Online UUs
Web Hosting, Email Services, Mailing Lists
-----


Lists Index Date Thread Search