OpenBSD Journal
Home : : Add Story : : Archives : : About : : Create Account : : Login :
Comments

<< Re: SPF and Greylisting? | Up: SPF and Greylisting? | Flattened | Expanded | Re: SPF and Greylisting? >>

Threshold: Help

  Re: SPF and Greylisting? (mod 10/28)
by Anonymous Coward (97.88.184.178) on Sat Jul 18 01:52:38 2009 (GMT)
  >You'd probably want to ignore ?all records when doing this, but anyone who publishes accurate SPF records could then resend from any of their mail servers.

What if the SPF record allows 1.0.0.0/8 and 2.0.0.0/8, etc.,? It would take nothing for a spam domain to designate all of Afrinic, for example, as valid senders.

There was a spamd patch floating around [misc@ or tech@ ?] that would allow resends from the same /24 subnet, which is reasonable.

I was called at home during supper one night a few years ago, because some mail wasn't coming through. The sender's first connection came from .10, then .11, and .12 and so forth. The bad part was that the sender was the company buying us, and the emails were the final signing documents. Made me look very bad, indeed, holding up the sale of the company, even if the fix was just whitelisting their /24.

Would be nice if spamd had a knob ("Knobs be damned!") that allowed you to designate the subnet mask (default /32) to apply to the sender.
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

[ Home | Add Story | Archives | Polls | About ]

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. Some icons from slashdot.org used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]