Mark Constable wrote:
>>>
>>> . whitelist forwarder IP addresses
>>> . use forwarders that rewrite the sender
>>
>> It is also possible to do both of them. Rather than patching an SRS
>> implementation into Courier, I'd be out to enhance authlib in order to
>> allow easier management of whitelisting: [...]
>>
>> Rewriting the sender should be operated according to sender's local
>> policies, depending on what kind of forwarding is being operated. I
>> guess Sam is correct when he suggests that this ought to be done with
>> maildrop.
>
> As usual, I am missing some dots. Perhaps there are 2 situations that
> need different solutions. I think the above applies to a host that is
> doing the forwarding in such a way that it will be accepted [...]
>
> However, does this mean that there is simply no way, ever, to accept
> or bypass the SPF block for messages coming into our mailserver from
> another host that does not rewrite similar forwarded messages?

That's exactly the point. The forwarder violates SPF by impersonating
someone else. The forwarded message carries no evidence whatsoever that
the original message was SPF-compliant, does it?

A similar problem arises with DNSBL checking: If you accept forwarded
mail from a server that doesn't query the DNSBLs you require, your
acceptance policy is broken. Those two problems are common to casual
forwarders as well as backup MXes.

I don't think that kind of problem can be solved without cooperation
between the sending and the receiving hosts. Thus, we are not talking
about different solutions, but rather of the two sides of the same
solution. However, since cooperation implies agreement, I have no idea
how long it will take before any viable solution takes root.

> In other words, the absolute bottom line is that, if I want to accept
> messages that are aliased or forwarded from other hosts that do not
> use SRS or rewrite the From_ header, but do use an SPF TXT record,
> that I have to disable SPF checking?

Yes, at least for that specific host (or backup MX).

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
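
The two options discussed in this thread (whitelisting the forwarder's IP address, or having the forwarder rewrite the sender), shown as an added example that is not part of the original message and is not Courier's code. It assumes a constructed SPF table in place of DNS lookups, hypothetical domains, addresses and function names, and a simplified SRS0-style rewrite that omits the timestamp field of real SRS.

```python
import hashlib
import hmac
import ipaddress

# Constructed SPF data standing in for DNS TXT lookups (documentation ranges).
SPF_RECORDS = {
    "sender.example": ["192.0.2.0/24"],        # v=spf1 ip4:192.0.2.0/24 -all
    "forwarder.example": ["198.51.100.0/24"],  # v=spf1 ip4:198.51.100.0/24 -all
}

def spf_result(client_ip, mail_from):
    """Return 'pass', 'fail' or 'none' for the envelope sender's domain."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    networks = SPF_RECORDS.get(domain)
    if networks is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in networks):
        return "pass"
    return "fail"  # every constructed record ends in -all

def srs_rewrite(mail_from, forwarder_domain, secret=b"constructed-secret"):
    """Simplified SRS0-style rewrite: the envelope sender moves into the
    forwarder's domain, so SPF is evaluated against the forwarder's record."""
    local, domain = mail_from.rsplit("@", 1)
    tag = hmac.new(secret, f"{domain}={local}".encode(), hashlib.sha1).hexdigest()[:4]
    return f"SRS0={tag}={domain}={local}@{forwarder_domain}"

def accept(client_ip, mail_from, spf_exempt_hosts=frozenset()):
    """Receiver policy: skip SPF only for explicitly whitelisted relay IPs."""
    if client_ip in spf_exempt_hosts:
        return True, "spf-skipped (whitelisted forwarder)"
    result = spf_result(client_ip, mail_from)
    return result != "fail", f"spf={result}"

if __name__ == "__main__":
    original = "alice@sender.example"
    forwarder_ip = "198.51.100.7"
    print(accept("192.0.2.10", original))    # direct delivery
    print(accept(forwarder_ip, original))    # forwarded, sender not rewritten
    print(accept(forwarder_ip, srs_rewrite(original, "forwarder.example")))
    print(accept(forwarder_ip, original, spf_exempt_hosts={forwarder_ip}))
```

The exemption branch applies no SPF check at all to mail relayed by that host, so the receiver depends entirely on the forwarder's own inbound checks, which is the same dependency the message describes for DNSBLs.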