spamassassin-dev April 2011 archive

Re: Shouldn't ignore_received_spf_header default to 1?

From: Benny Pedersen <me_at_nospam>
Date: Thu Apr 21 2011 - 17:06:35 GMT
To: <dev@spamassassin.apache.org>

On Thu, 21 Apr 2011 12:55:38 -0400, darxus@chaosreigns.com wrote:
> By default, it seems SA will honor Received-SPF headers, while I would
> guess most people aren't inserting it at their MTA, so it's a great
> opportunity for spammers to forge the header to say their email passed
> SPF.

This header could be removed in the MTA and re-added if SPF passes in the
MTA; it's just that there aren't any stable milters that do it so far. But
if headers are removed and added, it most likely invalidates DKIM if the
remote signed it.

> So, shouldn't it be disabled by default, by setting
> ignore_received_spf_header to 1?

Agree.

> It seems like it would be nice to have a rule like
> (SPF_PASS && !SPF_IN_HOSTKARMA_BL)
> where SPF_IN_HOSTKARMA_BL is a lookup of the domain from the
> Received-SPF header in the hostkarma.junkemailfilter.com zone
> returning 127.0.0.2. Or any other domain blacklist. I just grabbed
> one from the bottom of
> http://www.sdsc.edu/~jeff/spam/cbc.html

Or report to the Spamhaus DBL zone, if that's possible?
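
Added example (not part of the original message, and not SpamAssassin's own code): one way a filter can tell a Received-SPF header stamped by its own MTA from one the sender supplied, by header position relative to the trusted Received chain. The 10.0.0.0/8 relay range, the host names and the sample message are constructed assumptions, as is the premise that the topmost Received line was written by the local MTA.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: address range of our own relays (constructed value).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
PEER_IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")

# Constructed sample: the top two headers were stamped by our MTA,
# everything below them arrived from the sender and may be forged.
SAMPLE = (
    "Received-SPF: pass (mx.example.org: 192.0.2.10 is permitted for sender.test)\n"
    "Received: from mail.sender.test (mail.sender.test [192.0.2.10])\n"
    "\tby mx.example.org; Thu, 21 Apr 2011 17:00:00 +0000\n"
    "Received-SPF: pass (forged by the sender)\n"
    "Received: from relay (relay [10.0.0.5]) by mx.example.org;\n"
    "\tThu, 21 Apr 2011 16:59:00 +0000\n"
    "From: someone@sender.test\n"
    "Subject: constructed example\n"
    "\n"
    "body\n"
)

def peer_is_internal(received_value):
    """True if the peer IP recorded in a Received line is one of our relays."""
    m = PEER_IP.search(received_value)
    if not m:
        return False  # unparsable: treat as the trust boundary
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)

def classify_received_spf(raw):
    """Split Received-SPF header values into (trusted, untrusted)."""
    trusted, untrusted, pending = [], [], []
    in_chain = True  # assumption: the topmost Received line is our MTA's own
    for name, value in message_from_string(raw).items():  # top-down order
        if name.lower() == "received-spf":
            pending.append(value)
        elif name.lower() == "received":
            (trusted if in_chain else untrusted).extend(pending)
            pending = []
            # The next Received line down is ours only if this peer was internal.
            in_chain = in_chain and peer_is_internal(value)
    untrusted.extend(pending)
    return trusted, untrusted
```

The second Received line in the sample claims an internal peer, but it sits below a hop whose peer was external, so the Received-SPF header above it is still classified as untrusted.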