Mark Constable writes:

> No, this should not happen. Courier should not be doing an SPF check if this
> is your client, authenticated, with relaying privileges.

The above example was from the message recipient's final destination mailserver.

> Well, I thought what you were talking about is using the same IP address for
> outgoing messages as the IP address they were received from,

Yes, that's it. And to be really nice, postfix throws in a virtual hostname as well (during the SMTP exchange to the recipient server) that ends up being used in -> Received: from vdomain1.com (rather than primarydomain.com).

Ok, that's where I thought you were going. Except that SPF's involvement was confusing me.

> Also note that, I don't know what Postfix does, but Courier does not close
> the outgoing connection immediately after sending a message. It'll hold it
> open for a while, and if another message to the same domain comes in, it'll
> use the existing connection. If the first message was from one IP address, but
> the second message is from a different IP address, it will be necessary to
> disconnect, and then reconnect. Just realized it, this morning, while thinking
> about it on my morning jog.

Appreciate the fact that you are considering this. I tried to keep my posts
short but I should have provided a clear example of the whole procedure in
the first place.

The basic scheme is that the originating mailserver can provide for any number
of vdomains which, when used by an authenticating MUA on port 465, then send
the message on to the target mailserver from the same IP as it arrived on. If the
SMTP exchange can include the vdomain as the originating mailserver hostname then
that should be enough to provide a set of headers that can pass both SPF and
"eyeball" checks that it came from the vdomain rather than the primary domain.

I guess my Subject line should have been "Multiple SSL certs AND multiple IPs".

Yes, well, it's really more than just that. I now understand what's going on here, and there's a bit more stuff here in play. You can listen on multiple IPs just fine. What also needs to be done is to save which IP address each message was received from, and then use that IP address in case that message ever goes out via SMTP again, in addition to using an IP address-specific configuration.

And, of course, the fact that Courier pipelines outbound SMTP, which means a disconnect and a reconnect. I don't think I'll want to set that as a different SMTP destination. Too much stuff depends on the SMTP destination identified by the destination domain.

And then there's the server name TLS extension, where you do not need a different IP address in order to select the right certificate (if the client is agreeable to negotiating that TLS extension). But that only works if Courier gets compiled against GnuTLS rather than OpenSSL, because last time I checked only GnuTLS supported that TLS extension, and OpenSSL didn't, so support for that is only there when you build Courier against GnuTLS. So now you've got a message to send on behalf of an IP-less domain. Now what are you going to do, then?

But, let's see what I can do.
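To make the SPF side of the scheme above concrete, here is an added example (not code from this thread, nor from Courier or Postfix): a minimal SPF evaluator run over a constructed DNS snapshot, showing why a message for vdomain1.com relayed out from primarydomain.com's address fails the vdomain's record while the same message relayed from the vdomain's own address passes. The hostnames beyond those named in the thread, the addresses, and the SPF records are assumptions.

```python
import ipaddress

# Constructed DNS snapshot standing in for live lookups (assumption; the addresses
# are documentation-range placeholders, not anyone's real hosts).
DNS = {
    ("primarydomain.com", "TXT"): "v=spf1 ip4:192.0.2.10 -all",
    ("vdomain1.com", "TXT"): "v=spf1 a:mail.vdomain1.com -all",
    ("mail.vdomain1.com", "A"): "192.0.2.11",
    ("vdomain2.com", "TXT"): "v=spf1 include:vdomain1.com ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_domain, client_ip, depth=0):
    """Evaluate an SPF subset (ip4, a, include, all) for the connecting IP,
    as the recipient MTA does against the envelope sender's domain."""
    if depth > 10:                      # RFC 7208 lookup/recursion limit
        return "permerror"
    record = DNS.get((sender_domain, "TXT"))
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            addr = DNS.get((arg or sender_domain, "A"))
            matched = addr is not None and ipaddress.ip_address(addr) == ip
        elif name == "include":
            matched = check_spf(arg, client_ip, depth + 1) == "pass"
        else:
            return "permerror"           # mechanism not supported here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                     # nothing matched and no "all" term


def relay_outcomes(sender_domain, candidate_ips):
    """SPF result the recipient would reach for each IP the relay might bind to."""
    return {ip: check_spf(sender_domain, ip) for ip in candidate_ips}
```

`relay_outcomes("vdomain1.com", ["192.0.2.10", "192.0.2.11"])` shows the two cases side by side: binding to the primary address fails, binding to the address the message arrived on passes.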

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users