Julian Mehnle writes:
Alessandro Vesely [EMAIL PROTECTED] wrote:
It is still not clear why one would rewrite senders. SPF should work if everybody takes the burden of declaring what are the mail servers they use.
Suppose I have an account with the CPAN project and thus have the e-mail address <[EMAIL PROTECTED]>. Instead of fetching mail from there via POP3/IMAP, I set it to forward mail to my other address <[EMAIL PROTECTED]>. The mehnle.net MTA does SPF checking.
Now someone at pobox.com (which is SPF protected) sends me a message to my cpan.org address. The cpan.org MTA forwards the message to the mehnle.net MTA, which sees the "pobox.com" envelope sender being used on a message coming from a cpan.org MTA. But the pobox.com SPF record doesn't authorize cpan.org MTAs to send mail on their behalf, so mehnle.net rejects the message.
To solve the problem, cpan.org would have to rewrite the envelope sender to something at cpan.org before forwarding the message.
This is a very classical forwarding scenario.
If you know that you're going to get forwarded mail, then you'll just have to turn off SPF; or, with some additional planning, disable SPF checking for mail received from CPAN's IP address (this can actually be done in Courier, using the smtpaccess file).
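Added example, not part of the original thread: a simplified SPF evaluation of the forwarding scenario discussed above, covering direct delivery, an unmodified forward, a forward with a rewritten envelope sender, and a receiver-side exemption for the forwarder's addresses. The SPF records, IP ranges, mailbox names, and the `receive`/`spf_check` helpers are constructed for illustration; only `ip4` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed policies on documentation address ranges; not the domains' real DNS data.
SPF_RECORDS = {
    "pobox.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "cpan.org": "v=spf1 ip4:198.51.100.0/24 -all",
}
# Hypothetical local exemption list kept by the receiving MTA (the forwarder's range).
TRUSTED_FORWARDERS = [ipaddress.ip_network("198.51.100.0/24")]
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(client_ip, envelope_sender):
    """Evaluate a simplified SPF policy for the envelope sender's domain."""
    domain = envelope_sender.rsplit("@", 1)[1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term == "all":
            matched = True
        else:
            continue                          # mechanisms outside this sketch
        if matched:
            return RESULTS[qualifier]
    return "neutral"


def receive(client_ip, envelope_sender, exempt_forwarders=False):
    """Receiver decision; optionally skip SPF for known forwarder addresses."""
    ip = ipaddress.ip_address(client_ip)
    if exempt_forwarders and any(ip in net for net in TRUSTED_FORWARDERS):
        return "accept (SPF skipped)"
    result = spf_check(client_ip, envelope_sender)
    return "reject" if result == "fail" else f"accept ({result})"


if __name__ == "__main__":
    print("direct:   ", receive("192.0.2.10", "alice@pobox.com"))
    print("forwarded:", receive("198.51.100.7", "alice@pobox.com"))
    print("rewritten:", receive("198.51.100.7", "fwd-alice@cpan.org"))
    print("exempted: ", receive("198.51.100.7", "alice@pobox.com", exempt_forwarders=True))
```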
