|
SA Bugzilla – Full Text Bug Listing |
Summary: | TxRep doesn't use SPF correctly | ||
---|---|---|---|
Product: | Spamassassin | Reporter: | RW <rwmaillists> |
Component: | Libraries | Assignee: | SpamAssassin Developer Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | giovanni, mnalis-sabug, paul.stead, sidney |
Priority: | P2 | ||
Version: | SVN Trunk (Latest Devel Version) | ||
Target Milestone: | 4.0.1 | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: |
Description
RW
2019-10-24 17:45:42 UTC
Hiya - Is this fixed by setting signedby to $pms->{spf_sender} (or extracting the domain from spf_sender)? Something like 1335 } elsif ($pms->{spf_pass} && $self->{conf}->{txrep_spf}) { $ip = undef; my $spf_domain = $pms->{spf_sender}; $spf_domain =~ s/^.+@//; $signedby = 'spf-'.$spf_domain; does this have the intended consequence for making this key less spoofable? I feel like I'm missing a scenario, but I've run it through a few times. Paul Doh, sorry - I don't think this variable actually exists upon testing! But would be easy enough to add to the output from Plugin/SPF? Rather than looking up the SPF authed domain ourselves in TxRep |