1) I'd like to have spfmilter puts its version and URL, and the version
and URL of the library it's using, into a header on the messages it
processes. I could add a new header, or I could add a key-value-pair
to the Received-SPF header. I prefer the latter - maybe something like
this?
x-software=spfmilter 0.91 http://www.acme.com/software/spfmilter/, libspf2 1.0.4 http://www.libspf2.org/;
Of course libspf doesn't tell me what its version is, and libspf2
currently gets its version wrong, but those problems can be fixed
or worked around. Anyway I'm mostly concerned with the spfmilter version.
2) I'm also wondering what headers I should generate for cases like
IP-based whitelisting and authenticated senders, which bypass the
SPF check. Should I fake up my own "Received-SPF: pass ..."
header, or use a different header name?
3) Finally, the SPF Classic draft RFC says the Received-SPF header
"MUST appear above any other Received-SPF headers in the message."
The current version of spfmilter complies with this by DELETING any
other Received-SPF headers in the message. The next version has
code suggested by Paul Howarth that only deletes any headers
purporting to be from the local hostname. This means it may or
may not be in compliance with the above-quoted RFC requirement,
depending on whether sendmail's milter API function smfi_addheader()
adds the new header before or after the old ones. The API doc on
www.milter.org does not specify the order. I suspect it's after,
but I haven't seen any examples yet and haven't bothered to run
a test case.
So the third question is, how important is this requirement?
---
Jef
Jef Poskanzer jef@acme.com http://www.acme.com/jef/
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
and URL of the library it's using, into a header on the messages it
processes. I could add a new header, or I could add a key-value-pair
to the Received-SPF header. I prefer the latter - maybe something like
this?
x-software=spfmilter 0.91 http://www.acme.com/software/spfmilter/, libspf2 1.0.4 http://www.libspf2.org/;
Of course libspf doesn't tell me what its version is, and libspf2
currently gets its version wrong, but those problems can be fixed
or worked around. Anyway I'm mostly concerned with the spfmilter version.
2) I'm also wondering what headers I should generate for cases like
IP-based whitelisting and authenticated senders, which bypass the
SPF check. Should I fake up my own "Received-SPF: pass ..."
header, or use a different header name?
3) Finally, the SPF Classic draft RFC says the Received-SPF header
"MUST appear above any other Received-SPF headers in the message."
The current version of spfmilter complies with this by DELETING any
other Received-SPF headers in the message. The next version has
code suggested by Paul Howarth that only deletes any headers
purporting to be from the local hostname. This means it may or
may not be in compliance with the above-quoted RFC requirement,
depending on whether sendmail's milter API function smfi_addheader()
adds the new header before or after the old ones. The API doc on
www.milter.org does not specify the order. I suspect it's after,
but I haven't seen any examples yet and haven't bothered to run
a test case.
So the third question is, how important is this requirement?
---
Jef
Jef Poskanzer jef@acme.com http://www.acme.com/jef/
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com