Mark Constable writes:
On 2008-08-20, Sam Varshavchik wrote:> This is the result of me sending a test message to [EMAIL PROTECTED]> > Aug 20 11:29:02 mail courieresmtpd: started,ip=[::ffff:203.17.154.25]> Aug 20 11:29:06 mail courierd: newmsg,id=000BB289.48AB7361.00004973: > dns; m0.velocity.net.au (mail.velocitynet.com.au [::ffff:203.17.154.25]) > Aug 20 11:29:08 mail courieresmtpd: started,ip=[::ffff:203.17.154.25]> > Aug 20 11:29:16 mail courieresmtpd: error,relay=::ffff:203.17.154.25,> from=<[EMAIL PROTECTED]>: 517 SPF fail [EMAIL PROTECTED]: > Address does not pass the Sender Policy Framework> > As mentioned, I thought a BOFHSPFFROM=mailfromok would cover this> situation so can anyone suggest what might be going on here ?mailfromok means that if the SMTP MAIL FROM: address passes SPF, the From: header is not checked. This settings helps SPF work with mailing lists. If a mailing list has its own SPF record, and the list messages carry the mailing list's return address, its valid SPF record validates list messages from senders who have their own SPF records. lists.sourceforge.net has its own SPF record. My mail sent to this list will pass SPF checking even though my domain's SPF record does not include lists.sourceforge.net's IPs.Yep, I think I understand that, thanks.renta.net's SPF record does not seem to include 203.17.154.25, so mailfromok is not in effect.But renta.net's SPF should not have anything to do with 203.17.154.25 as this situation is analogous to a mailing-list at lists.sf.net (kind of). I'm sending an email to [EMAIL PROTECTED] which has a forward back to a user@ on a server I maintain, and the error above is that return email.
This is not analogous to lists.sourceforge.net's mailing list. Messages sent to these mailing lists are redistributed with the return address reset back to lists.sourceforge.net. You're not going to get this message with the return address of [EMAIL PROTECTED], but rather with lists.sourceforge.net's own return address.
If anyone sends an email to [EMAIL PROTECTED] it
gets forwarded to said server and results in the same error so it's
simply not possible to add 203.17.154.25 to "everyones" SPF records.
The missing piece is that when the mail gets forwarded, the return address needs to be reset to @jakeman.com.au, and a suitable SPF record needs to be provided. There's actually some semi-standard documentation floating around that sets the standard for rewriting return addresses, when forwarding. However, any address rewriting scheme will work fine.
pgp6npcPtBk1x.pgp
Description: PGP signature
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
