julian at mehnle
Jul 14, 2007, 5:18 PM
Post #1 of 1
(1558 views)
Permalink
|
|
Implicit vs. explicit HELO check on empty MAIL FROM (was: Patches from Robert Millan)
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Magnus Holmgren wrote:
> On Saturday 14 July 2007 15:32, Julian Mehnle wrote:
> > Mail::SPF's approach is more formal in that it does not automatically
> > switch over to checking the HELO identity in case of the MAIL FROM
> > identity being empty. Rather, there is only one identity argument
> > (not "mfrom" + "helo"), and Mail::SPF requires you to check for
> > yourself whether MAIL FROM is empty and then pass the HELO identity to
> > make a "postmaster@<HELO>" check.
>
> The RFC specifies that the MAIL FROM identity MUST be checked, and that
> the MAIL FROM identity is defined as postmaster@(HELO-id) when the
> return path is null (<>). It'd seem convenient to me if libspf2
> automatically did what was required.
Sure, no objections. It seems to be merely a matter of preference.
> > (Note in particular that RFC 4408 does not require implementations
> > to automate this. I think it's cleaner if they don't.)
>
> Can you point out precisely where it doesn't require that? :-)
>
> Seriously though, it talks about "implementations" and "SPF clients"
> that MUST or SHOULD do things in specified ways, but that doesn't say
> anything about what should be done in the library and what should be
> done in the applications.
Exactly.
> However, I don't quite understand the difference between a HELO id check
> and MAIL FROM check with a null return path.
Conceptually, there is no difference.
> [...] In this light it seems appropriate for the application to follow
> the Mail::SPF::Request instructions.
Well, it's just a slightly different design, which I modeled after how, in
my opinion, the SPF spec _should_ have been written. But it's equivalent
in effect.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGmWf0wL7PKlBZWjsRAh+lAJ9UbrZ50/hXsZz9xwyaMXR/7nCpIwCdFGad
hnNtM//8YyQEjQfIik010So=
=TAZa
-----END PGP SIGNATURE-----
-------------------------------------------
-----------------------------------------------------------------------
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311533&id_secret=22220040-1fb5c8
Powered by Listbox: http://www.listbox.com
|
