Szerző: Dan_Mitton Dátum: Címzett: Peter Bowyer CC: Exim users mailing list Tárgy: Re: [exim] Experimental SPF spec...
>> >> It seems to be a glaring omission that you can't use libspf2 in the HELO >> ACL. It seems like this is an Exim deficiency or am I missing something? >> Can the experimental SPF Exim spec be enlarged to include maybe something >> like an 'spf-helo' check which would be usable in the HELO ACL?
>>
>> Comments?
>
>The SPF project currently can't make up its mind whether to recommend
>checking of the HELO independently of the MAIL FROM. When the Exim
>implementation was written (before RFC4408), the recommendation was to
>check HELO only in the case of null senders - which you don't know
>until the MAIL ACL of course. The Exim implementation will follow this
>recommendation (at least, that's how I read the code).
>
>4408's wording is a bit unclear, and the project is debating what
>should be done about it.
>
>In the meantime, the Exim implementation doesn't provide fine-grained
>access to the libspf2 library in order to check HELO independently of
>MAIL FROM. So using it at HELO time is moot.
>
It seems like it would only take a couple little "tweaks" of the code to
implement a 'spf_helo' [I found out '-' doesn't work :( ] check that could
work in the HELO ACL (I think I have something workable). This would at
least give people the option. From what I'm seeing on the SPF discussion
lists, it seems like checking at HELO is becoming more popular.
>I was wondering if I had time to look at using perl calls to the new
>Mail::SPF module to have a bit more of a play......
>
I started with the perl Mail:SPF modules and had everything working, HELO
included, but I was getting occasional problems connecting to the spfd. I
know that I'm running on a very tiny machine and that might be the
problem. That's why I started looking into the integrated libspf2
solution.
>Peter
>
>--
>Peter Bowyer
>Email: peter@???