https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7764
Bug ID: 7764
Summary: TxRep doesn't use SPF correctly
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Libraries
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: Undefined
In TxRep.pm
1332 if ($signedby) {
1333 $ip = undef;
1334 $domain = $signedby;
1335 } elsif ($pms->{spf_pass} && $self->{conf}->{txrep_spf}) {
1336 $ip = undef;
1337 $signedby = 'spf';
1338 }
IMO $signedby should only be set to 'spf' if there's also relaxed alignment
between $from and the envelope sender. Otherwise it's very easy to spoof, it
can even happen automatically with forwarding.
Setting $signedby to the sender domain or $from to the sender address are
superficially appealing, but don't help under forwarding.
--
You are receiving this mail because:
You are the assignee for the bug.
