[opendmarc-users] spf align question
Scott Kitterman
sklist at kitterman.com
Tue Apr 2 17:26:01 PDT 2013
On Tuesday, April 02, 2013 11:16:57 AM Murray S. Kucherawy wrote:
...
> I would typically recommend installing and using sid-milter even though
> it's unmaintained, ...
For Sendmail users, it may be a reasonable choice as there are few
alternatives, but for Postfix there are several better policy server
implementations that correctly support RFC 4408.
The biggest problem I see with it is the lack of support for RFC 4408
processing limits. The only processing limit I see in a quite look through
the code is:
SM_MARID_SET_MAX_DEPTH -- set maximum recursion depth
Recursion depth limit is a very old idea from the first Perl reference
implementation (Mail::SPF::Query) that has long since been abandoned.
Recursion depth limits may protect you from an infinite loop due to a bug, but
they in no way address the security concerns that caused the processing limits
in RFC 4408 to be introduced.
If you have a more modern alternative, I'd take it.
Scott K
More information about the opendmarc-users
mailing list