Re: JMF whitelist and RAZOR conflict

Sat, 12 Sep 2009 09:03:09 -0700 

On Fri, 11 Sep 2009, MySQL Student wrote:


are you recieving forwarded emails from spf domains ?



If I understand correctly, no. I have no relationship with any external 
source and their SPF records.



if so add the forward ip to trusted_networks (so spf will be disabled 
from this hosts)



Do you mean to avoid the processing overhead? IOW, don't bother checking 
SPF records for trusted domains?



One of the problems with SPF is that someone who sets up forwarding (e.g. 
you have a gmail account, and you set it to automatically forward messages 
to your "real" account) breaks SPF checks for messages received via the 
forward. If I send a mail to your gmail account, and google forwards it to 
your real account, your MTA will see a message from an @impsec.org address 
originating from an MTA that my SPF record says is not a valid source. SPF 
fail.



If you tell SA that google is trusted, that pushes the SPF test point back 
one step - where did *google* receive the message from? mail.impsec.org? 
Okay, then - SPF pass.



On a somewhat related note, how does BOTNET differ from RDNS_NONE?
What is the logic behind the BOTNET rule? Is there some known list
that it's checking, or is it just likely to be a dynamic IP or
compromised host if it doesn't have a reverse DNS entry?


RDNS_NONE is, well, _no_ rDNS data.


BOTNET uses a lot of heuristics to determine whether the sender looks 
dynamic. I suggest you read the list archives back when it was first 
proposed and released for more details.


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  An entitlement beneficiary is a person or special interest group
  who didn't earn your money, but demands the right to take your
  money because they *want* it.    -- John McKay, _The Welfare State:
                                       No Mercy for the Middle Class_
-----------------------------------------------------------------------
 5 days until the 222nd anniversary of the signing of the U.S. Constitution






















					Reply via email to