Re: [exim] Implementation of SPF - flaw?

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] Implementation of SPF - flaw?
Hardy <bulk@???> (Mi 27 Sep 2017 15:15:11 CEST):
> Caution: re-ordered paragraphs for emphasis of what I meant. Richard, we
> agree! I just want to point out a nonsense behavior of the exim/libspf2.a
> implementation of SPF.


And I'd like to point out, that's not failure of Exim but of libspf2 (if
this is a failure at all).

> > > but this would mean, my local users CAN forge sender addresses?! Does
> > > this make sense?!
>
> What I meant is: /according to ligspf2.a implemenatation/ local users /are
> allowed/ to spoof their sender address, which does NOT make sense. This is
> the flaw I want to point at...


Ok. Agreed. Local users, if they are allowed to use SMTP on 127.0.0.1.

> In practice it does not bother me at all. It is just my academical way to
> have things right, even if I don't use them.


Agreed :)

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -