[exim] Implementation of SPF - flaw?

Góra strony
Wiadomość jest częścią wątku:
M\pełne drzewo wątku posortowane wg daty
MM 
MHeiko Schlittermann at ->
Delete this message
Reply to this message
Autor: Hardy
Data:  
Dla: exim-users
Stare tematy: Re: [exim] Experimental SPF
Temat: [exim] Implementation of SPF - flaw?
On 25.09.2017 14:45, Heiko Schlittermann via Exim-users wrote:
> Hi,
>
> Hardy <bulk@???> (Mo 25 Sep 2017 09:17:34 CEST):
>> Hi,
>>> and clearly does not include localhost. So passing messags from
>>> localhost might be a feature of SPF in general or of the implementation
>>> in Exim.
>>
>> I wouldn't think localhost is handled special by SPF, but usually (in
>> standard- and example configs) you have a very early rule ACCEPTing existing
>> local users, before it does any "expensive" (netwise: DNS lookup etc.)
>> actions. In this case your SPF is not even tested, which is the aim of this
>> rule. You wouldn't want to greylist internal addresses either, would you?
>
> The debug output of my test session from localhost to localhost shows
> that SPF was in use and gave 'pass' to localhost (with some note about
> "localhost is always allowed")
>
> The string "localhost is always allowed." can be found in libspf2.a

So this is wanted by exim! I did not check what SPF specs say about it,
but this would mean, my local users CAN forge sender addresses?! Does
this make sense?!

RFC
Hardy



Wiadomość została wysłana do następujących list mailowych:
Exim-users
Informacja o liście mailowej | Najbliższe wiadomości		<-Re: [exim] Experimental SPFRe: [exim] Implementation of SPF - flaw?->
Tahini and Hummus and Cumin Development Archives administrowana przez cumin AdminsLurker (wersja 2.3)