[Pymilter] excluding authenticated clients from SPF checks
Pieter De Wit
pieter at insync.za.net
Fri Nov 15 19:40:06 EST 2024
Except…this is not in Debian 12 (One of my messages that got rejected shows this)
There is no auth check in pymilter 3.0.4-2 (which includes spf-engine 3.0.4) - that code was only merged 4 months ago (roughly)
Unless I traced the wrong rabbit hole...
> On 16 Nov 2024, at 11:46, Stuart D Gathman <stuart at gathman.org> wrote:
>
> On Thu, 14 Nov 2024, Marco Moock wrote:
>
>> My requirement is rather simply:
>> I don't want that any SPF check is being done if mail is being
>> submitted authenticated.
>
> That is what happens by default. In line 149 (of spfmilter.py):
>
> if self.user:
> self.internal_connection = True
>
> and if no SMTP-Auth policy is in the access file, any further checking
> is skipped (line 160). in line 171:
>
> if not (self.internal_connection or self.trusted_relay) and self.connectip:
> return self.check_spf()
>
>> Nothing more, no additional checks.
>
> However, you almost certainly do NOT WANT that. You need to restrict
> authorized clients to send from domains they are authorized to send from.
> Windoze users get malware that uses their PC to send from all kinds of spam domains.
>
> The only reason no checking is the default, is because the needed
> information needs to be configured.
> _______________________________________________
> Pymilter mailing list
> Pymilter at gathman.org
> https://gathman.org/mailman/listinfo/pymilter
<!DSPAM:193326EFED21291310318131>
More information about the Pymilter
mailing list