Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!goblin2!goblin.stu.neva.ru!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.049 X-Spam-Evidence: '*H*': 0.90; '*S*': 0.00; 'read.': 0.03; 'subject:Python': 0.06; 'pretend': 0.09; 'subject:script': 0.09; 'thrown': 0.09; '23,': 0.16; 'ah,': 0.16; 'earlier.': 0.16; 'subject:mails': 0.16; 'url:faq': 0.16; 'wrote:': 0.18; 'bit': 0.19; 'command': 0.22; 'email addr:gmail.com>': 0.22; 'manual': 0.22; 'conjunction': 0.24; "shouldn't": 0.24; 'header:In-Reply- To:1': 0.27; 'record': 0.27; 'correct': 0.29; 'chris': 0.29; 'message-id:@mail.gmail.com': 0.30; 'checked': 0.32; 'option': 0.32; 'another': 0.32; 'worked': 0.33; 'there,': 0.34; 'but': 0.35; 'received:google.com': 0.35; 'there': 0.35; 'smtp': 0.36; 'subject:Simple': 0.36; 'subject:?': 0.36; 'url:org': 0.36; 'too': 0.37; 'being': 0.38; 'checks': 0.38; 'to:addr:python-list': 0.38; 'issue': 0.38; 'pm,': 0.38; 'anything': 0.39; 'does': 0.39; 'to:addr:python.org': 0.39; 'even': 0.60; 'simply': 0.61; 'address': 0.63; 'forward': 0.65; 'nobody': 0.68; 'therefore': 0.72; 'jul': 0.74; 'late,': 0.84; 'partial': 0.84; 'address;': 0.91; "sender's": 0.91; '2013': 0.98 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=Y+st6LW0mEoSd1aexxJ9bLd/FSG7y+rrANz7PIuoFHs=; b=H5v18c9/hnjC/DfBXGPO1OkuSUiWPuDtsJ3PBtmX/+BGaa44Yana+ookKwSaszeKSk DwU53V4lv9jJnbQ8Z8z9mn5ILFLiQmKQk7re1sthVZh59EQG7oq/Y07ivZxbSrXR3fwc A8W/8LcmYoe5Yk+KIrfeyfFYithZXgFYQybqVm2R3TIWpTImpK3voj+KDhsFiCn2P/QU 7NWqTx5CnpMk9dWWtkNP5zS5sCX+M/14EzSH0Z6lJaEh/lrhzDQeVgWE3igKSXHUbAbT w/G9oDZA+zNVD2XG++xayijTKbNI5GHnrtq5bL6MM1e7BjyrMQL/doWMOCZ2+AaJVUYi Tm4Q== MIME-Version: 1.0 X-Received: by 10.49.48.17 with SMTP id h17mr3773309qen.4.1375708437697; Mon, 05 Aug 2013 06:13:57 -0700 (PDT) In-Reply-To: References: <368qu85msgfhuk2j2s13qj0bqn4rkcint9@4ax.com> <51ED3CEB.1070706@gmail.com> Date: Mon, 5 Aug 2013 18:43:57 +0530 Subject: Re: Simple Python script as SMTP server for outgoing e-mails? From: Sanjay Arora To: python-list@python.org Content-Type: multipart/alternative; boundary=047d7b6d815ebe5acb04e333145e X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 73 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1375708445 news.xs4all.nl 15932 [2001:888:2000:d::a6]:32912 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:51957 --047d7b6d815ebe5acb04e333145e Content-Type: text/plain; charset=ISO-8859-1 On Tue, Jul 23, 2013 at 2:49 PM, Chris Angelico wrote: > Ah, there's a solution to this one. You simply use your own > envelope-from address; SPF shouldn't be being checked for the From: > header. Forwarding and using the original sender's address in the SMTP > 'MAIL FROM' command is forging mail from them, so it is correct for > that to be thrown out. The mail is coming from your own account, so > you put your address in it, and you might even be able to put an > uber-strict SPF record like "v=spf1 ip4:1.2.3.4 -all" which is quick > to process and guarantees that nobody can pretend to forward mail on > your behalf. The checks are for the *current connection*, not anything > earlier. > > ChrisA > Bit Late, but do check out http://www.openspf.org/FAQ/Forwarding Forwarding does get broken, but a partial solution in whitelisting is there, though too manual & therefore cumbersome. Another option http://www.openspf.org/SRS is there to be worked in conjunction with spf. There is a best spf practices guide on the site. And all this email authentication issue given on openspf.org makes an interesting read. Ciao. Sanjay. --047d7b6d815ebe5acb04e333145e Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On T= ue, Jul 23, 2013 at 2:49 PM, Chris Angelico <rosuav@gmail.com> wrote:


Ah, there's a solution to this one. You simply use your own=
envelope-from address; SPF shouldn't be being checked for the From:
header. Forwarding and using the original sender's address in the SMTP<= br> 'MAIL FROM' command is forging mail from them, so it is correct for=
that to be thrown out. The mail is coming from your own account, so
you put your address in it, and you might even be able to put an
uber-strict SPF record like "v=3Dspf1 ip4:1.2.3.4 -all" which is = quick
to process and guarantees that nobody can pretend to forward mail on
your behalf. The checks are for the *current connection*, not anything
earlier.

ChrisA

Bit Late, but do check out=A0 http://www.openspf.org/FAQ/= Forwarding

Forwarding does get broken, but a partial= solution in whitelisting is there, though too manual & therefore cumbe= rsome.

Another option http:/= /www.openspf.org/SRS is there to be worked in conjunction with spf. The= re is a best spf practices guide on the site. And all this email authentica= tion issue given on openspf.org makes an= interesting read.

Ciao.
Sanjay.
--047d7b6d815ebe5acb04e333145e--