[lug] Postfix/spam reality check question..

Lee Woodworth blug-mail at duboulder.com
Wed Dec 1 14:00:27 MST 2004


Chip Atkinson wrote:
> Thanks for the reply. From the header, it doesn't look like it's
> forwarded.  It's certainly not from an MTA/MUA that is friendly and above
> board.  The weird thing is the "To:" is totally wrong.  That's why I
> thought a message like this would have been rejected.
I finished reading the SPF white paper. I don't think that SPF (non-MS 
infected versions) checks MIME headers (From:, To:, Reply-To:, etc.). It 
checks against the EHLO and MAIL FROM (Return-Path:) command values.

The thing to know about SPF is it only makes definitive pass/fail 
decisions when a domain publishes SPF info in their DNS. Otherwise it 
can't tell whether something is a forgery. Neither ix.netcom.com nor 
bluewin.ch are publishing a DNS TXT record with SPF info, so the safe 
thing for SPF to do is classify it as unknown and let it through. You 
need SPF to let unknown through, otherwise all mail from non-SPF 
publishing domains would be blocked (e.g. ibm.com, epa.gov, comcast.net).
> 
> Return-Path: <mrbarton at ix.netcom.com>
> X-Original-To: chip at pupman.com
> Delivered-To: chip at pupman.com
> X-Greylist: delayed 1690 seconds by postgrey-1.16 at poodle; Wed,
>      01 Dec 2004 10:55:51 MST
> Received: from mx8.bluewin.ch (mx8.bluewin.ch [195.186.4.211])
>         by poodle.pupman.com (Postfix) with ESMTP id 23712F659
>         for <chip at pupman.com>; Wed,  1 Dec 2004 10:55:51 -0700 (MST)
> Received: from localhost (81.63.52.189) by mx8.bluewin.ch (Bluewin AG
> 7.0.030.2)
>         id 41A198D8004EF949; Wed, 1 Dec 2004 17:27:35 +0000
> From: <mrbarton at ix.netcom.com>
> Reply-To: <mrbarton at ix.netcom.com>
> X-Priority: 3 (Normal)
> X-MailScanner: Found to be clean
> Subject: Re: Hi, po  heres the document
> To: <po at bluemail.ch>
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="dGDWmEQjIJmigFBYYLvtAsSDIOvydonm"
> Message-Id: <20041201175551.23712F659 at poodle.pupman.com>
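
The behaviour described in the reply above, as an added Python example that is not part of the original post: a simplified SPF evaluator that checks only the envelope sender (Return-Path) and returns "none" when the domain publishes no record. The TXT table, the publisher.example and other.example domains, and the sample headers are constructed assumptions, and only the `ip4` and `all` mechanisms are handled.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for DNS TXT lookups. publisher.example is hypothetical;
# ix.netcom.com is absent because the post says it published no SPF record.
TXT = {"publisher.example": ["v=spf1 ip4:192.0.2.0/24 -all"]}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(client_ip, domain, txt=TXT):
    """Simplified SPF evaluation: only the ip4 and all mechanisms are handled."""
    records = [r for r in txt.get(domain.lower(), []) if r.split()[:1] == ["v=spf1"]]
    if not records:
        return "none"  # the "unknown" case: no policy to judge against
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term.lstrip("+-~?")
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism.startswith("ip4:") and ip in ipaddress.ip_network(mechanism[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term

def evaluate(raw_headers, client_ip, txt=TXT):
    """SPF looks at the envelope sender (Return-Path), never the From: header."""
    msg = message_from_string(raw_headers)
    envelope = parseaddr(msg["Return-Path"])[1].rpartition("@")[2]
    header_from = parseaddr(msg["From"])[1].rpartition("@")[2]
    return {"spf": spf_check(client_ip, envelope, txt),
            "checked_domain": envelope, "header_from_domain": header_from}

# Constructed samples. The first mirrors the shape of the quoted message.
QUOTED = ("Return-Path: <mrbarton@ix.netcom.com>\n"
          "From: <mrbarton@ix.netcom.com>\nTo: <po@bluemail.ch>\n\n")
MISMATCH = ("Return-Path: <bounce@publisher.example>\n"
            "From: <someone@other.example>\nTo: <user@recipient.example>\n\n")

if __name__ == "__main__":
    print(evaluate(QUOTED, "195.186.4.211"))    # relay IP from the quoted Received: header
    print(evaluate(MISMATCH, "192.0.2.10"))     # inside the published range
    print(evaluate(MISMATCH, "198.51.100.7"))   # outside the published range
```

The second sample gets an SPF pass even though its From: header names a different domain, which is why a receiver that wants header-level checks needs something in addition to SPF.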


