[nycbug-talk] [Fwd: Kaminsky redux - libspf2 dns parsing bug]

Max Gribov max at neuropunks.org
Fri Oct 24 17:30:50 EDT 2008

Andy Kosela wrote:
> On the contrary I use it because it blocks quite a bit of our SPAM
i got inspired by this and Miles' replies, and hacked postfix's 
mailgraph.pl to also graph spf rejects as part of its "virus" report.

Mine looks like this: http://www.neuropunks.org/mailstat/mailgraph.cgi
theres not alot of data, but you get an idea of ratio between things 
tagged as spam by spamassassin and things outright rejected by spf

i made a tarball of the hack at 

it took me less than an hour, mailgraph.pl is pretty easy to read/hack, 
so other things can be stuck into its process_line() sub and rrd generator
something i realized after half hour of headbanging - you have to change 
mailgraph.cgi to reflect your changes to the main file..

boredom rawks

> traffic. I know SPF is flawed from the very beginning but I had to
> turn off greylisting just because it was generating too many blocked
> messages (not all mail servers out there are intelligent enough to
> handle it properly).
> Oct 23 01:59:35 aegis postfix/policy-spf[67264]: : SPF fail:
> smtp_comment=Please see
> http://www.openspf.org/why.html?sender=x%x&ip=x.x.x.x&receiver=x,
> header_comment=x: domain of x does not designate x.x.x.x as permitted
> sender

More information about the talk mailing list