Mailing List Archive: SpamAssassin: devel

[Bug 5842] Should SPF rules be "tflags net" or not?

Index | Next | Previous | View Threaded

bugzilla-daemon at bugzilla

Nov 3, 2009, 6:07 PM

Post #1 of 2 (149 views)
Permalink

[Bug 5842] Should SPF rules be "tflags net" or not?

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5842

Matthew Schumacher <matt.s[at]aptalaska.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |matt.s[at]aptalaska.net

--- Comment #7 from Matthew Schumacher <matt.s[at]aptalaska.net> 2009-11-03 18:07:52 UTC ---
I figured I would add a few thoughts since I'm working this issue in my mail
system now.

I think that this should be set to "tflags net" even if SA doesn't need to go
do the actual lookup. The reason is because sometimes it's reasonable to omit
the network rules for reasons other than performance. Suppose you want to
allow a user to authenticate and relay without worrying about RBLs, SPF, or
other network tests, but you don't want to completely omit the message from SA
either. In this case turning off network tests works well, but only if SPF is
a network test. If it isn't a network test, then the authenticated user will
get hit with SPF rules unless you whitelist your domain which isn't desirable
for other reasons.

schu

--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

bugzilla-daemon at bugzilla

Nov 12, 2009, 6:41 PM

Post #2 of 2 (98 views)
Permalink

[Bug 5842] Should SPF rules be "tflags net" or not? [In reply to]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5842

Daryl C. W. O'Shea <spamassassin[at]dostech.ca> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |spamassassin[at]dostech.ca

--- Comment #8 from Daryl C. W. O'Shea <spamassassin[at]dostech.ca> 2009-11-12 18:41:43 UTC ---
(In reply to comment #7)
> Suppose you want to
> allow a user to authenticate and relay without worrying about RBLs, SPF, or
> other network tests, but you don't want to completely omit the message from SA
> either. In this case turning off network tests works well, but only if SPF is
> a network test. If it isn't a network test, then the authenticated user will
> get hit with SPF rules unless you whitelist your domain which isn't desirable
> for other reasons.

SA provides numerous ways to detect that a user is authenticated. Turning off
net tests is not the correct, nor accurate, way to handle this situation.

--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com