Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1057876 - Review Request: smf-spf - Mail filter for Sender Policy Framework verification
Summary: Review Request: smf-spf - Mail filter for Sender Policy Framework verification
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 1057874
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-01-25 15:51 UTC by Matt Domsch
Modified: 2014-10-01 13:59 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-10-01 13:56:32 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Matt Domsch 2014-01-25 15:51:59 UTC 
Spec URL: http://domsch.com/fedora/libspf2/smf-spf.spec
SRPM URL: http://domsch.com/fedora/libspf2/smf-spf-2.0.2-6.el6.src.rpm
Description: 
smf-spf is a lightweight, fast and reliable Sendmail milter that implements the
Sender Policy Framework technology with the help of the libspf2 library. It
checks SPF records to make sure that e-mail messages are authorized by the
domain that it is coming from. It's an alternative for the spfmilter,
spf-milter, and milter-spiff milters.

Fedora Account System Username: mdomsch
Comment 1 Matt Domsch 2014-01-25 15:54:10 UTC 
All credit goes to Paul Howarth for this.  We are also actively trying to find out who is maintaining this upstream anymore, as the original author appears to have disappeared from the Internet (all addresses fail, SF account is deactivated).

SELinux policy update needed to it can open a unix domain socket to talk to sendmail, rather than listen on a TCP port.  Paul wrote this policy, which is a combination of smf-spf and another program, smf-sav.

http://domsch.com/fedora/libspf2/smfs.te
Comment 2 Andrew J. Schorr 2014-09-05 21:17:37 UTC 
Hi,

Thanks for doing this work.  This is sorely needed.

Why does the spec file declare a dependency on sendmail?

    Requires:       sendmail >= 8.12

Our site uses postfix.  As far as I can tell, this dependency is not required.  Can you please remove it?

Thanks,
Andy
Comment 3 Andrew J. Schorr 2014-09-06 14:40:34 UTC 
It may also make sense to add a minor patch to remove this gratuitous header that is inserted into every message:

X-SPF-Scan-By: smf-spf v2.0.2 - http://smfs.sf.net/

That seems to server no particular purpose, and the URL is not even valid any more.

There are some patches here that may be worth considering:

http://www.trusteddomain.org/pipermail/opendmarc-users/2013-June/000153.html

They remove the header and make a few other small changes.  I'm not sure whether they are all desirable, but certainly removing or at least fixing that header makes sense.

Regards,
Andy
Comment 4 Matt Domsch 2014-10-01 13:56:32 UTC 
I am withdrawing this packaging request, as opendmarc now implements SPF testing internally.

https://bugzilla.redhat.com/show_bug.cgi?id=1057876
is the opendmarc package review.
Comment 5 Matt Domsch 2014-10-01 13:59:29 UTC 
https://bugzilla.redhat.com/show_bug.cgi?id=905304
is the opendmarc package review, not 1057876.
Note You need to log in before you can comment on or make changes to this bug.