[exim-dev] [Bug 996] SPF checks work sometimes, but not alwa…

Author: Andreas Metzler
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 996] SPF checks work sometimes, but not always
http://bugs.exim.org/show_bug.cgi?id=996

Nigel Metheringham <nigel@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|Exim 4.72                   |Exim 4.73





--- Comment #1 from Andreas Metzler <eximusers@???> 2010-06-06 09:43:22 ---
On 2010-06-05 Thanassis Tsiodras <ttsiodras@???> wrote:
[...]
> By grep-ing in my cPanel's (v.11) exim_mainlog, I can see that the
> SPF checks I added for my company's domain (semantix.gr) are
> working:

[...]
> However, some of these mails, with "forged froms" that supposedly originate
> from my company, DO pass exim's SPF checks:


[...]
> 2010-06-05 10:23:48 1OKuHr-00025w-TD <= obson@???
> H=cuscon77544.tstt.net.tt (cuscon79293.tstt.net.tt) [190.58.182.10] P=smtp
> S=1334
> 2010-06-05 10:23:49 1OKuHr-00025w-TD => ttsiodras <ttsiodras@???>

[...]
> Exim says in the log that the mail's "From" was
> "obson@???" - but in fact, the actual spam I received has
> these headers, impersonating myself sending to myself, with
> "obson@???" only referred in the "Return-path"... (does
> this mean that Exim uses "Return-path" instead of "From" during the
> SPF checks?

[...]

Indeed, SPF in general and exim's implementation check the Envelope From
("MAIL FROM"), but not the "From:" header.

See http://www.openspf.org/Related_Solutions

cu andreas

PS: I am sending this by mail since bugs.exim.org seems to be down.


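The distinction made in the reply above, as an added example that is not part of the original message or of Exim: the script reads a stored message, reports which domain an SPF check would have evaluated (the envelope sender, recorded as Return-path) and flags a From: header that claims a local domain SPF never looked at. The addresses, the `LOCAL_DOMAINS` set and the function names are constructed for illustration, since the page's own addresses are redacted.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for the recipient's own domain (assumption, not from the page).
LOCAL_DOMAINS = {"example.gr"}

# Constructed message modelled on the report: the envelope sender (stored by the
# MTA as Return-path) is a third-party address, the From: header claims a local one.
SAMPLE = (
    "Return-path: <obson@sender.example>\n"
    'From: "Me" <me@example.gr>\n'
    "To: me@example.gr\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)


def domain_of(value):
    """Return the lower-cased domain of an address header, or "" if there is none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def check_message(raw, local_domains=LOCAL_DOMAINS):
    """Compare the identity SPF evaluates with the From: header the user sees."""
    msg = message_from_string(raw)
    envelope = domain_of(msg.get("Return-path"))
    header = domain_of(msg.get("From"))
    return {
        # Domain SPF evaluates; empty for a null sender (<>), where SPF uses the HELO name.
        "spf_identity": envelope,
        "spf_uses_helo": envelope == "",
        "header_from": header,
        # Exact comparison only; no organizational-domain logic.
        "aligned": envelope != "" and envelope == header,
        # The case from the report: a local From: that the SPF check never covered.
        "local_from_unverified": header in local_domains and envelope != header,
    }


if __name__ == "__main__":
    for key, value in check_message(SAMPLE).items():
        print(f"{key}: {value}")
```

A message can therefore pass SPF for `sender.example` while displaying a local From: address; `local_from_unverified` marks exactly that case for follow-up filtering.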