Re: opedmarc and opendkim
> On Mar 31, 2021, at 1:09 PM, David Bürgin wrote: > > Dominic Raferd: >> On 31/03/2021 17:29, Benny Pedersen wrote: >>> On 2021-03-31 18:21, Dan Mahoney wrote: >>> > problem is your setup used Sender-ID with is long time depricated Why would you advise not using libspf2? >>> atleast not in opendmarc, sid-milter is imho fine >>> >>> but it bulds in both cases of depricated Sender-ID >> opendmarc's internal spf checking with libspf2 works fine with versions >> 1.3.2 or higher, so you don't need to use an external spf checker (unless >> you want such for another purpose). > > Yeah, I found libspf2 as used in OpenDMARC to be reliable enough. But > it’s true that it was written for now obsolete RFC 4408. For example, > the ‘void lookup limit’ is not implemented in libspf2. To be clear, that’s a SHOULD, RECOMMENDED implementation detail, not a MUST. That said, yeah it would be nice if LibSPF2 were updated to reflect the most recent RFC. In OpenDMARC, we’re generally recommending that everyone use LibSPF2 (or something else) and not rely on the inbuilt SPF libs (and may even rip them out at some point), but we don’t want to do that between a 1.4.0 and a 1.4.1 release. There’s also been a CVE raised because pypolicyd trusts the HELO string, which causes opendmarc to return a false pass. I’m the FreeBSD port maintainer for opendmarc — if someone hasn’t packaged your milter for FreeBSD, we should talk. -Dan
Re: opedmarc and opendkim
Dominic Raferd: On 31/03/2021 17:29, Benny Pedersen wrote: On 2021-03-31 18:21, Dan Mahoney wrote: problem is your setup used Sender-ID with is long time depricated Why would you advise not using libspf2? atleast not in opendmarc, sid-milter is imho fine but it bulds in both cases of depricated Sender-ID opendmarc's internal spf checking with libspf2 works fine with versions 1.3.2 or higher, so you don't need to use an external spf checker (unless you want such for another purpose). Yeah, I found libspf2 as used in OpenDMARC to be reliable enough. But it’s true that it was written for now obsolete RFC 4408. For example, the ‘void lookup limit’ is not implemented in libspf2. (I now use my own SPF Milter, which implements RFC 7208. Here for those interested: https://gitlab.com/glts/spf-milter)
Re: opedmarc and opendkim
On 2021-03-31 18:33, Dominic Raferd wrote: On 31/03/2021 17:29, Benny Pedersen wrote: On 2021-03-31 18:21, Dan Mahoney wrote: problem is your setup used Sender-ID with is long time depricated Why would you advise not using libspf2? atleast not in opendmarc, sid-milter is imho fine but it bulds in both cases of depricated Sender-ID opendmarc's internal spf checking with libspf2 works fine with versions 1.3.2 or higher, so you don't need to use an external spf checker (unless you want such for another purpose). pypolicyd-spf uses imho another rfc with is not yet in libspf2 or opendmarc ?
Re: opedmarc and opendkim
On 31/03/2021 17:29, Benny Pedersen wrote: On 2021-03-31 18:21, Dan Mahoney wrote: problem is your setup used Sender-ID with is long time depricated Why would you advise not using libspf2? atleast not in opendmarc, sid-milter is imho fine but it bulds in both cases of depricated Sender-ID opendmarc's internal spf checking with libspf2 works fine with versions 1.3.2 or higher, so you don't need to use an external spf checker (unless you want such for another purpose).
Re: opedmarc and opendkim
On 2021-03-31 18:21, Dan Mahoney wrote: problem is your setup used Sender-ID with is long time depricated Why would you advise not using libspf2? atleast not in opendmarc, sid-milter is imho fine but it bulds in both cases of depricated Sender-ID
Re: opedmarc and opendkim
Why would you advise not using libspf2? Sent from my iPad > On Mar 31, 2021, at 09:01, Benny Pedersen wrote: > > On 2021-03-31 17:51, Maurizio Caloro wrote: > >> SPFIgnoreResults true >> SPFSelfValidate true > > set both to false > > and dont use libspf2 > > problem is your setup used Sender-ID with is long time depricated
Re: opedmarc and opendkim
On 2021-03-31 17:51, Maurizio Caloro wrote: SPFIgnoreResults true SPFSelfValidate true set both to false and dont use libspf2 problem is your setup used Sender-ID with is long time depricated