[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SPF and senderokwithdns
- To: ZMailer Mailing List <firstname.lastname@example.org>
- Subject: Re: SPF and senderokwithdns
- From: "Mariano Absatz" <email@example.com>
- Date: Tue, 13 Jul 2004 11:49:40 -0300
- In-reply-to: <3DFD0E385303F649AB7C31D651DEDD001B10B4@mafalda.pert.com.ar>
- Organization: Pert Consultores
- Original-Recipient: rfc822;firstname.lastname@example.org
- Sender: email@example.com
El 13 Jul 2004 a las 8:55, Eugene Crosser escribió:
> On Tue, 2004-07-13 at 14:36 +0300, Matti Aarnio wrote:
>>> with your today's change, senderokwithdns check in pt_mailfrom is the
>>> very last, and it is not done if the sender is "authorized". Is it what
>>> was your intention? I think that if one wants to disallow unroutable
>>> "mail from", he wants to do that for all, authorized and non-authorized
>>> senders. And therefore the check should be done very early, maybe even
>>> before "if (state->full_trust) return 0;" around the line 1704.
>> It is a wee bit complicated thing indeed..
>> When the matter is about remote SPF publisher, who want to be
>> protected, then things are as you say, but when it is about
>> _local_ SPF set, then e.g. users must be able to send out
>> from where-ever they are, as long as they have authenticated..
> Wait, wait! I am not talking about SPF. SPF is at the right place now.
> My note was about senderokwithdns, i.e. validity of "mail from" provided
> by the client. I think that this check should be done regardless of all
> others, should it?
I agree with Eugene on this one... I don't want non-routable return paths
whether the user authenticated or not...
Programming is a Dark Art, and it will always be. The programmer is
fighting against the two most destructive forces in the universe:
entropy and human stupidity. They're not things you can always
overcome with a "methodology" or on a schedule.
-- Damian Conway, Perl Guru
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to firstname.lastname@example.org