I am glad to announce a new release of spf-milter:
sendmail-milter-spf-1.40
The major highlights of this release are:
* New feature: spf-milter is now fully SRS compliant. That is, it is
'stand-alone' capable of handling SRS0/SRS1 recipients.
* New feature: Fake DSN detection (optional). A new option, -S, puts
spf-milter in "fake DSN detection" mode. Based on SRS-signed DSN
recipients, spf-milter will be able to detect, and REJECT, forged
bounces.
* New feature: STARTTLS authentication support.
* New feature: SRS1 forwarding (optional). A new option, -r, determines
whether you will relay non-locally resolving SRS0 addresses (reversed
from SRS1).
* Behavioral change: replaced text:
"Need HELO before MAIL"
With the string sendmail pops out itself these days:
"Polite people say HELO first"
* Behavioral change: replaced 'spf_header_comment' comment for
authenticated users:
"domain of <domain> designates <ip> as SASL permitted sender"
With:
"<ip> is authenticated by a trusted mechanism"
This to include STARTTLS authentication.
* Bug fix: replaced SMFIS_TEMPFAIL text:
"An error occurred during SPF processing of <from>.
Please try again later"
With:
"$priv_data->{'spf_smtp_comment'}"
* Bug fix: keep 'is_authenticated' on RSET; during an entire
session, the connection should remain authenticated (unless a
new HELO sounds the possible start of a new STARTTLS session).
I added a new section to the "sendmail-milter-INSTALL.txt" doc:
"4. SRS AND FAKE DSN DETECTION"
I strongly suggest you read this first before venturing into the -S option.
spf-milter itself is heavily documented too. It would not hurt looking at
that, either.
Also, when reading the "sendmail-milter-INSTALL.txt" doc, be aware that you
need to add a new line to your site.config.m4:
define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
Failure to incorporate this line will not result in error (the 'verify'
macro simply remains undefined to spf-milter), but it will prevent
spf-milter bypass on STARTTLS authenticated senders.
Cheers,
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
sendmail-milter-spf-1.40
The major highlights of this release are:
* New feature: spf-milter is now fully SRS compliant. That is, it is
'stand-alone' capable of handling SRS0/SRS1 recipients.
* New feature: Fake DSN detection (optional). A new option, -S, puts
spf-milter in "fake DSN detection" mode. Based on SRS-signed DSN
recipients, spf-milter will be able to detect, and REJECT, forged
bounces.
* New feature: STARTTLS authentication support.
* New feature: SRS1 forwarding (optional). A new option, -r, determines
whether you will relay non-locally resolving SRS0 addresses (reversed
from SRS1).
* Behavioral change: replaced text:
"Need HELO before MAIL"
With the string sendmail pops out itself these days:
"Polite people say HELO first"
* Behavioral change: replaced 'spf_header_comment' comment for
authenticated users:
"domain of <domain> designates <ip> as SASL permitted sender"
With:
"<ip> is authenticated by a trusted mechanism"
This to include STARTTLS authentication.
* Bug fix: replaced SMFIS_TEMPFAIL text:
"An error occurred during SPF processing of <from>.
Please try again later"
With:
"$priv_data->{'spf_smtp_comment'}"
* Bug fix: keep 'is_authenticated' on RSET; during an entire
session, the connection should remain authenticated (unless a
new HELO sounds the possible start of a new STARTTLS session).
I added a new section to the "sendmail-milter-INSTALL.txt" doc:
"4. SRS AND FAKE DSN DETECTION"
I strongly suggest you read this first before venturing into the -S option.
spf-milter itself is heavily documented too. It would not hurt looking at
that, either.
Also, when reading the "sendmail-milter-INSTALL.txt" doc, be aware that you
need to add a new line to your site.config.m4:
define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
Failure to incorporate this line will not result in error (the 'verify'
macro simply remains undefined to spf-milter), but it will prevent
spf-milter bypass on STARTTLS authenticated senders.
Cheers,
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com