[nycbug-talk] [Fwd: Kaminsky redux - libspf2 dns parsing bug]
Max Gribov
max at neuropunks.org
Fri Oct 24 17:30:50 EDT 2008
Andy Kosela wrote:
> On the contrary I use it because it blocks quite a bit of our SPAM
i got inspired by this and Miles' replies, and hacked postfix's
mailgraph.pl to also graph spf rejects as part of its "virus" report.
Mine looks like this: http://www.neuropunks.org/mailstat/mailgraph.cgi
theres not alot of data, but you get an idea of ratio between things
tagged as spam by spamassassin and things outright rejected by spf
i made a tarball of the hack at
http://www.neuropunks.org/mailgraph-postfix-spf.tar.gz
it took me less than an hour, mailgraph.pl is pretty easy to read/hack,
so other things can be stuck into its process_line() sub and rrd generator
something i realized after half hour of headbanging - you have to change
mailgraph.cgi to reflect your changes to the main file..
boredom rawks
> traffic. I know SPF is flawed from the very beginning but I had to
> turn off greylisting just because it was generating too many blocked
> messages (not all mail servers out there are intelligent enough to
> handle it properly).
>
> Oct 23 01:59:35 aegis postfix/policy-spf[67264]: : SPF fail:
> smtp_comment=Please see
> http://www.openspf.org/why.html?sender=x%x&ip=x.x.x.x&receiver=x,
> header_comment=x: domain of x does not designate x.x.x.x as permitted
> sender
>
>
More information about the talk
mailing list