On 22.10.15 00:19, Reindl Harald wrote:
otherwise you would not be able to set a SPF-record for your CNAMES
and "reject_unknown_sender_domain" won't hit for a forged subdomain
because it exists - so SPF *must* work for CNAMES or the whole
intention for HELO SPF would not work

On 22.10.2015 at 13:55, Matus UHLAR - fantomas wrote:
I don't get this. HELO must be canonical name, so it must not be CNAME.
Thus, there's no need to follow CNAMEs in SPF when checking for HELO.
when you check HELO, the CNAME should be treated as error

On 22.10.15 13:58, Reindl Harald wrote:
see first response to that thread

it does not explain why it should cause problems for HELO SPF.  as I have
already noted, using CNAME for HELO violates SMTP RFC, so there's technically no
reason to follow CNAME especially in these cases - it's already broken and
failing the check would be (imho) proper reaction.

what do i mean with "is always followed"?
[...]


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.
