[DShield] SPF is fundamentally flawed

Bruce Lilly blilly at erols.com
Thu Feb 19 22:45:00 GMT 2004

> From: Tony Earnshaw <tonye at billy.demon.nl>
> Date: Thu, 19 Feb 2004 17:00:39 +0100

> AFAIR, Erik is using Postfix (Postfix 2.0.18 being my own chosen MTA at
> the moment). Postfix, donated to the Open Source community by IBM, is
> designed and mainly implemented by Wietse Venema, of IBM.
> Is Postfix a poorly designed MTA?

The issue is actually a combination of MTA design and administrative
configuration.  I can't say what the situation is with Postfix, but
if you use it you can probably determine so; can it be configured to
ignore validity of the recipient at the RCPT TO stage (e.g. by
configuring it to act as an open relay)?

In both of Erik's examples, the MTAs involved appear to be versions
of sendmail (not surprising since that's the most widely used MTA),
and sendmail can be configured to ignore recipient address validity
(though that's highly unusual); that is apparently how one of the
servers in Erik's first example is configured.  In Erik's second
example, the specific MTA and its configuration aren't the issue;
use of a transfer topology involving an intermediate relay will
almost always result in a bounce on downstream failure.
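
The cases discussed in this message, as a toy model of where a bad recipient is refused and which server ends up bouncing to a forged envelope sender. This is an added example, not part of the original post and not any real MTA's code; the `Hop` class, host names and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

FORGED_SENDER = "victim@example.net"   # constructed: envelope sender that was forged
BAD_RCPT = "nosuchuser@example.org"    # constructed: recipient that does not exist

@dataclass
class Hop:
    name: str
    mailboxes: frozenset = frozenset()  # local recipients; empty for a pure relay
    check_at_rcpt: bool = True          # validate the recipient at the RCPT TO stage
    next_hop: Optional["Hop"] = None
    bounces: list = field(default_factory=list)  # (bounce_to, failed_rcpt)

    def submit(self, mail_from, rcpt):
        """Return the SMTP reply code the connecting client sees for RCPT TO."""
        final = self.next_hop is None
        if final and self.check_at_rcpt and rcpt not in self.mailboxes:
            return 550  # refused in-session: this hop never owns the message
        # 250 was given, so this hop must now deliver the message or bounce it.
        if final:
            failed = rcpt not in self.mailboxes
        else:
            failed = self.next_hop.submit(mail_from, rcpt) != 250
        if failed:
            self.bounces.append((mail_from, rcpt))  # DSN goes to the envelope sender
        return 250

def run(head):
    """Submit one bad-recipient message; return (client reply, [(bouncing hop, bounce target)])."""
    code = head.submit(FORGED_SENDER, BAD_RCPT)
    sent, hop = [], head
    while hop is not None:
        sent += [(hop.name, to) for to, _ in hop.bounces]
        hop = hop.next_hop
    return code, sent

def scenarios():
    users = frozenset({"erik@example.org"})
    return {
        "direct, recipient checked at RCPT TO": run(Hop("mx-strict", users)),
        "direct, recipient validity ignored": run(Hop("mx-lax", users, check_at_rcpt=False)),
        "intermediate relay in front": run(Hop("relay", next_hop=Hop("mx-strict", users))),
    }

if __name__ == "__main__":
    for label, result in scenarios().items():
        print(label, "->", result)
```

Only the first topology keeps the failure inside the SMTP session; in the other two a server has already answered 250 and the bounce is addressed to whatever MAIL FROM claimed.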
