#18 sid-milter should not reject mails from a domain without SPF

v0.2.9
closed
1
2008-04-09
2005-12-09
No

Orignally from FRE # 1377009:

>Dick St.Peters Wrote:
>
>The problem isn't the envelope from address. The
>"can't determine responsible domain" comes from the PRA
>scope check and shows up for mail sent without any
>"From:" or "Sender:" header or other basis for
>determining a PRA.
>
>This happens for mail sent by simple-minded SMTP
>engines. If mail is sent using sendmail and has no
>"From:" header, sendmail will add one based on the
>envelope from.
>
>Fredrik writes:
>However then i look in the MIME-header for the same
>mail in my gmail mailbox, there is accually a From:
>header at the bottom. Check the included EXAMPLE.TXT
>file.
>

This domain "miljomal.nu" doesn't have a SPF record:

# dig -t TXT miljomal.nu

;; QUESTION SECTION:
;miljomal.nu. IN TXT

Discussion

  • Fredrik Pettai

    Fredrik Pettai - 2005-12-09
     
    Attachments
  • Fredrik Pettai

    Fredrik Pettai - 2005-12-09

    Logged In: YES
    user_id=370342

    This is how sid-milter (on Solaris) treats the same message:

    Dec 2 14:41:43 mx1 sendmail[14470]: [ID 801593 mail.info]
    jB2Dfh31014470: Milter (sid-filter): init success to negotiate
    Dec 2 14:41:43 mx1 sendmail[14470]: [ID 801593 mail.info]
    jB2Dfh31014470: Milter: connect to filters
    Dec 2 14:41:45 mx1 sendmail[14470]: [ID 801593 mail.info]
    jB2Dfh31014470: Authentication-Warning: mx1.vattenfall.se:
    Host mport.environ.se [194.198.93.50] claimed to be
    mport.miljomal.nu
    Dec 2 14:41:46 mx1 sendmail[14470]: [ID 801593 mail.info]
    jB2Dfh31014470:
    from=<nyhetsbrev-miljomal-return-42-fredrik.pettai=vattenfall.com@miljomal.nu>,
    size=1385, class=-60, nrcpts=1,
    msgid=<213FC6754F64874EA6512485AFB66CB4045D3A96@marge>,
    proto=SMTP, daemon=MTA-v4, relay=mport.environ.se
    [194.198.93.50]
    Dec 2 14:41:46 mx1 sid-filter[14849]: [ID 931327
    mail.error] jB2Dfh31014470 can't determine responsible domain
    Dec 2 14:41:46 mx1 sendmail[14470]: [ID 801593 mail.info]
    jB2Dfh31014470: milter=sid-filter, action=eoh, reject
    Dec 2 14:41:46 mx1 sendmail[14470]: [ID 801593 mail.info]
    jB2Dfh31014470: Milter: reject, data
    Dec 2 14:41:46 mx1 sendmail[14470]: [ID 801593 mail.info]
    jB2Dfh31014470: Milter: data, reject=554 5.7.1 Command rejected
    Dec 2 14:41:46 mx1 sendmail[14470]: [ID 801593 mail.info]
    jB2Dfh31014470: to=<fredrik.pettai@vattenfall.com>,
    delay=00:00:00, pri=139385, stat=Command rejected

    It gets rejected by sid-milter even though miljomal.nu
    doesn't have a SPF TXT RR.

    /P

     
  • Anonymous - 2005-12-09
    • labels: --> Functionality
    • milestone: --> v0.2.9
    • assigned_to: nobody --> sm-msk
     
  • Anonymous - 2005-12-09

    Logged In: YES
    user_id=1048957

    In the example text file you included, there are two From:
    headers, the first containing "NYHETSBREV@miljomal.nu" and
    the second containing "<Eva.Ahnland@naturvardsverket.se>".
    The fact that there are two makes sid_getpra() decide the
    message is malformed. This is correct according to the
    SenderID draft.

    sid-filter could be trained to tolerate such cases though
    and just report "neutral" or "softfail" or something.

     
  • Fredrik Pettai

    Fredrik Pettai - 2005-12-10

    Logged In: YES
    user_id=370342

    Sorry, my fault. I missed that.
    But yes, it would be good if sid-milter could have a option
    to let sid_getpra() be more tolerant to such cases.
    However, i think that sid-filter rejects those even if it
    runs in testmode aswell (tempfail them), but i must
    doublecheck that.

     
  • Fredrik Pettai

    Fredrik Pettai - 2006-12-15
    • priority: 5 --> 1
     
  • Fredrik Pettai

    Fredrik Pettai - 2006-12-15

    Logged In: YES
    user_id=370342
    Originator: YES

    Maybe this isn't necessary at all...

     
  • Anonymous - 2008-03-25

    Logged In: YES
    user_id=1048957
    Originator: NO

    Please comment if this is still an issue. A look at the current code (0.2.14) suggests such messages aren't rejected in test mode.

    I could see having a separate command line switch for rejecting mail from which the PRA can't be determined, so that "test mode" is different. If that's desirable, please open a new feature request.

    If not, this will auto-close in two weeks.

     
  • Anonymous - 2008-03-25
    • status: open --> pending
     
  • SourceForge Robot

    Logged In: YES
    user_id=1312539
    Originator: NO

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     
  • SourceForge Robot

    • status: pending --> closed
     
  • Fredrik Pettai

    Fredrik Pettai - 2008-05-22

    Logged In: YES
    user_id=370342
    Originator: YES

    Sorry for not answering in time.

    Anyway, I have trouble testing this again, since sid-filter is broken under NetBSD.

    Re,
    /P

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks