Bill Cole skrev den 2020-11-05 04:22:
On 4 Nov 2020, at 20:42, Benny Pedersen wrote:
Bill Cole skrev den 2020-11-05 00:21:
1. Incorrect SPF records are not rare. Even '-all' records with some
permitted IPs.
envelope sender changes on nexthop
Irrelevant to the problem cited, which is simply incorrect records
that fail to list IPs that they should
no its not, its not same domain atleast, more or less people say
maillists breaks spf and we need srs to resolve it, maybe why more
maillists does not have spf at all
2. Traditional (/etc/aliases, ~/.forward, etc.) transparent
forwarding
breaks SPF.
envelope sender changes on nexthop
That is simply not true, unless one deploys extraordinary measures
such as SRS. SMTP is not UUCP.
oh uucp breaks spf :=)
spf is breaked on original envelope sender, the nexthop sender domain
can still have no spf, or spf pass or fail
nothing is really breaked
But in fact, it is. If you use traditional MTA-based forwarding
mechanisms such as /etc/aliases and ~/.forward files, the envelope
sender on an outbound message is the same as it is on the inbound
message. This is why SRS was invented alongside SPF.
then you forwards forward with orginal domain as sender, this is the
fail then, forwarding mta should still self make valid spf for there own
domain, and not include missing ips into original sender domain in
envelope from
Are you maybe thinking of how mailing list managers like Mailman or
majordomo operate?
postfix maillist have no spf at all, i still get dmarc pass :=)
can read only accounts be solved in spamassassin maillis ?, i just say i
have now added rhsoft to rpz localy