
This queue is for tickets about the Mail-SPF CPAN distribution.

Report information
The Basics
Id: 101713
Status: new
Priority: 0/
Queue: Mail-SPF

People
Owner: Nobody in particular
Requestors: scott [...] kitterman.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Documentation Error on Processing null Mail From
Date: Fri, 23 Jan 2015 17:57:03 -0500
From: Scott Kitterman <scott [...] kitterman.com>
In lib/Mail/SPF/Request.pm, there is:

    I<Note>: In the case of an empty C<MAIL FROM> SMTP transaction parameter (C<< MAIL FROM:<> >>), you should perform a check with the C<helo> scope instead.

This is not quite correct. See section 2.2 of RFC 4408. It says:

    [RFC2821] allows the reverse-path to be null (see Section 4.5.5 in RFC 2821). In this case, there is no explicit sender mailbox, and such a message can be assumed to be a notification message from the mail system itself. When the reverse-path is null, this document defines the "MAIL FROM" identity to be the mailbox composed of the localpart "postmaster" and the "HELO" identity (which may or may not have been checked separately before).

Instead of performing a check with the <helo> scope, it is more correct to create a synthetic mfrom (i.e. postmaster@helo) and check that identity using the mfrom scope. While the raw SPF result will, except in the case of macros, be the same, applications which process SPF results treat HELO and mfrom results differently, so it is important that the null mfrom check be correctly identified as an mfrom check.

The updated SPF RFC, RFC 7208, has very similar language in section 2.4:

    [RFC5321] allows the reverse-path to be null (see Section 4.5.5 in [RFC5321]). In this case, there is no explicit sender mailbox, and such a message can be assumed to be a notification message from the mail system itself. When the reverse-path is null, this document defines the "MAIL FROM" identity to be the mailbox composed of the local-part "postmaster" and the "HELO" identity (which might or might not have been checked separately before).

Scott K
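The identity selection this report argues for, as an added Python example that is not part of the ticket and not Mail::SPF code: a null reverse-path becomes postmaster@HELO and stays in the mfrom scope, and the scope is carried into the `identity=` key of a Received-SPF line so downstream consumers can tell the two checks apart. The function names, host names, addresses and the "pass" result are constructed for illustration; no DNS lookup is performed.

```python
def spf_checks(helo, reverse_path):
    """Return the (scope, identity) pairs to evaluate for one SMTP transaction."""
    sender = reverse_path.strip()
    # Strip the angle brackets of the MAIL FROM parameter: "<a@b>" -> "a@b", "<>" -> "".
    if sender.startswith("<") and sender.endswith(">"):
        sender = sender[1:-1]
    if sender == "":
        # Null reverse-path (RFC 7208 section 2.4): the "MAIL FROM" identity is
        # the local-part "postmaster" plus the HELO identity. The scope is
        # still mfrom, not helo.
        sender = "postmaster@" + helo
    # The HELO identity is a separate check in its own scope.
    return [("helo", helo), ("mfrom", sender)]


def spf_checks_old_wording(helo, reverse_path):
    """Behaviour the quoted documentation note describes: a null sender is
    checked in the helo scope only, so no mfrom result is ever produced."""
    checks = spf_checks(helo, reverse_path)
    if reverse_path.strip() in ("", "<>"):
        return [c for c in checks if c[0] == "helo"]
    return checks


def received_spf(result, scope, helo, client_ip):
    """Format a Received-SPF field using RFC 7208 section 9.1 keys.
    The result is supplied by the caller; this example does not evaluate SPF."""
    label = {"mfrom": "mailfrom", "helo": "helo"}[scope]
    return "Received-SPF: %s client-ip=%s; helo=%s; identity=%s" % (
        result, client_ip, helo, label)


if __name__ == "__main__":
    helo, ip = "mta.example.net", "192.0.2.10"   # constructed sample values
    for path in ("<alice@example.org>", "<>"):
        print("MAIL FROM:" + path)
        for scope, identity in spf_checks(helo, path):
            print("  check %-5s %s" % (scope, identity))
            print("    " + received_spf("pass", scope, helo, ip))
        print("  old wording checks:", spf_checks_old_wording(helo, path))
```
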

