------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=996
Nigel Metheringham <nigel@???> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|Exim 4.72 |Exim 4.73
--- Comment #1 from Andreas Metzler <eximusers@???> 2010-06-06 09:43:22 ---
On 2010-06-05 Thanassis Tsiodras <ttsiodras@???> wrote:
[...]
> By grep-ing in my cPanel's (v.11) exim_mainlog, I can see that the
> SPF checks I added for my company's domain (semantix.gr) are
> working:
[...]
> However, some of these mails, with "forged froms" that supposedly originate
> from my company, DO pass exim's SPF checks:
[...]
> 2010-06-05 10:23:48 1OKuHr-00025w-TD <= obson@???
> H=cuscon77544.tstt.net.tt (cuscon79293.tstt.net.tt) [190.58.182.10] P=smtp
> S=1334
> 2010-06-05 10:23:49 1OKuHr-00025w-TD => ttsiodras <ttsiodras@???>
[...]
> Exim says in the log that the mail's "From" was
> "obson@???" - but in fact, the actual spam I received has
> these headers, impersonating myself sending to myself, with
> "obson@???" only referred in the "Return-path"... (does
> this mean that Exim uses "Return-path" instead of "From" during the
> SPF checks?
[...]
Indeed SPF in general and exim's implementation checks the Envelope From
("MAIL FROM"), but not the "From:" header.
See
http://www.openspf.org/Related_Solutions
cu andreas
PS: I am sending this by mail since bugs.exim.org seems to be down.
--
Configure bugmail:
http://bugs.exim.org/userprefs.cgi?tab=email