From owner-freebsd-questions@freebsd.org Sun Apr 17 17:04:03 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7AB90AED9E9 for ; Sun, 17 Apr 2016 17:04:03 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.117.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id F1C7118FB for ; Sun, 17 Apr 2016 17:04:02 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from liminal.local (liminal.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3636:3bff:fed4:b0d6]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id D05FF11816 for ; Sun, 17 Apr 2016 17:03:51 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/D05FF11816; dkim=none; dkim-atps=neutral Subject: Re: Bill Account Confirmation - 0270505992 To: freebsd-questions@freebsd.org References: From: Matthew Seaman Message-ID: <5713C1ED.6090708@FreeBSD.org> Date: Sun, 17 Apr 2016 18:03:41 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="6sAInlLVwQbCic6PBo7BefviTIbJC2I3e" X-Virus-Scanned: clamav-milter 0.99.1 at smtp.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on smtp.infracaninophile.co.uk X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Apr 2016 17:04:03 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --6sAInlLVwQbCic6PBo7BefviTIbJC2I3e Content-Type: multipart/mixed; boundary="GkVnDfKCeLX10AecGpE1SjI2aW5hoJbkv" From: Matthew Seaman To: freebsd-questions@freebsd.org Message-ID: <5713C1ED.6090708@FreeBSD.org> Subject: Re: Bill Account Confirmation - 0270505992 References: In-Reply-To: --GkVnDfKCeLX10AecGpE1SjI2aW5hoJbkv Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 17/04/2016 10:53, Matthias Fechner wrote: > Am 17.04.2016 um 11:30 schrieb Reko Turja: >> liukuma.net. IN SPF "v=3Dspf1 a mx -all" >> >> Just saying... >=20 > yes it seems that freebsd does not check the SPF record. > Just saw this morning a forged mail from my domain as well: > host -t SPF fechner.net > fechner.net has SPF record "v=3Dspf1 a mx a:anny.lostinspace.de -all" >=20 > Would be nice if the postmaster would add a SPF check. There used to be a very nice integrated SPF checking facility that was available as a set of patches to the FreeBSD postfix port (postfix being what the FreeBSD mail system runs on), but it wasn't compatible with the latest stable version of postfix and got dropped. Upstream would not accept the patches for reasons I don't entirely understand, although there would have been some extra work to do, given this seems to me to be a natural addition to postfix's new-ish postscreen process. Instead to get SPF checking nowadays you need to implement either milter-sid (which was intended primarily to support the now largely abandoned SPFv2 stuff that Microsoft tried to introduce) or else one of the postfix-policyd-spf implementations (you get to choose from either perl or python there.) Cheers, Matthew --GkVnDfKCeLX10AecGpE1SjI2aW5hoJbkv-- --6sAInlLVwQbCic6PBo7BefviTIbJC2I3e Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJXE8HzXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATq5wP/1XoLwjTwULMwk9gC20QSmbO 3bht2mP+Tg+mCs2MdXht0yiIR0PkkrEgw6axAO3+UUGeYvi6kmz4WtqDomjVviUV HzDRwryff0opsytXsu+zLK9+bmrHU81fwmP+3MDGqQyVlPvaooRAfbqPs70yP+Uz XUsc5NEhLy4kFOGjiIegNp94XjhZVq73+HnJ7dQY5m3w1UFcT5We1ukxatInACxO pPlRdCSH64qWp1nXIKQaKCobv3lN4YQoMMGHkEyEv5oPsQlJnCMFkeHhmcpAYGUU MXfqt9ItA1qTy9DCSofltn+ObamuUUnTlz8vl7rKvCNibH5FxsDGa2jfo3tMrHos R9pNPmWMf/vYeubHM05v0qlNXmmGwNFh61MIOlRbxTYc85mOTTrMbSmuVFySo4CB nFYFnDFq/kguCIDCll07ASoU3KpVtkglNKVUOu9/FUu7dRzdCzFKzbPnAFx/GI8u C2CLpBfkIH/tBSTyeSczxEZ5LdY1YCQzdE9BMudEX6vjrz3/MFBcJyIm46IwwOR+ zgHq9CzlZL2cG2j8VQGvXv37BCyZP8/0OIzYEAL+rcHIKVGPWkdNXnwTiN0Q6RaL eOWherpCoRgPUuXnOth25Wy6u5jBdmenZj6eZslcfTNSNVJfdXOec6x9Lg7lX3jU vWXKkRBNq292ZOmSQe1O =xxgN -----END PGP SIGNATURE----- --6sAInlLVwQbCic6PBo7BefviTIbJC2I3e--