Relaying to SPF protected server
in [Postfix]
|
Prev: holding local delivery
Next: Unknown maillog entry
From: "J.R.Ewing" on 1 Apr 2010 07:38 Hello people, Iam trying to solv a problem with relaying. I want to setup a distribution list for one domain, where will postfix only relay email for mydomain.com to selected users email addresses. No local mailboxes, only realaying list. Its quite simple, but.. but if I try to relay email comming from SPF active (has active SPF in DNS) server and it is relayed to SPF protected server (checking validity of sending server if SPF is present in DNS for the sending domain), it is rejected, because of course my server is not valid sending server for that domain. Is there any solution? I have idea to move senders address to "reply to" field and write new sender. Is it possible with postfix? Thanks J.R.
From: Ralf Hildebrandt on 1 Apr 2010 07:40 * J.R.Ewing <jr.ewing(a)radobyl.eu>: > Hello people, > > Iam trying to solv a problem with relaying. I want to setup a > distribution list for one domain, where will postfix only relay email > for mydomain.com to selected users email addresses. No local > mailboxes, only realaying list. Its quite simple, but.. but if I try > to relay email comming from SPF active (has active SPF in DNS) server > and it is relayed to SPF protected server (checking validity of > sending server if SPF is present in DNS for the sending domain), it > is rejected, because of course my server is not valid sending server > for that domain. > Is there any solution? Yes, SRS -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt(a)charite.de | http://www.charite.de
From: Ralf Hildebrandt on 1 Apr 2010 07:42 * Ralf Hildebrandt <Ralf.Hildebrandt(a)charite.de>: > Yes, SRS http://en.wikipedia.org/wiki/Sender_Rewriting_Scheme -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt(a)charite.de | http://www.charite.de
From: Simon Waters on 1 Apr 2010 08:14 On Thursday 01 April 2010 12:38:29 J.R.Ewing wrote: > > Is there any solution? > I have idea to move senders address to "reply to" field and write new > sender. Is it possible with postfix? As Ralph says SRS will do this. However I looked at this recently for a project, where I thought I'd need SRS, and after reviewing the various issues and SPF adoption figures, concluded I'd ignore SPF. In particular very few people reject outright on SPF failure (not least this isn't a good strategy compared to other filtering methods if all you want to do is reduce spam). Various systems handle SPF failed email in a more suspicious manner, but that isn't a practical problem in my experience. SRS might work better for your purpose, but SPF is broken by design and you should flag that to the people using it. We forward a lot of email, we don't do envelope rewriting, and have had a handful of complaints over the years, most from the same person who didn't seem to understand "we have no plans to change at this time".
From: "J.R.Ewing" on 1 Apr 2010 08:27
Simon Waters napsal(a): > On Thursday 01 April 2010 12:38:29 J.R.Ewing wrote: >> Is there any solution? >> I have idea to move senders address to "reply to" field and write new >> sender. Is it possible with postfix? > > As Ralph says SRS will do this. > > However I looked at this recently for a project, where I thought I'd need SRS, > and after reviewing the various issues and SPF adoption figures, concluded > I'd ignore SPF. > > In particular very few people reject outright on SPF failure (not least this > isn't a good strategy compared to other filtering methods if all you want to > do is reduce spam). Various systems handle SPF failed email in a more > suspicious manner, but that isn't a practical problem in my experience. > > SRS might work better for your purpose, but SPF is broken by design and you > should flag that to the people using it. > > We forward a lot of email, we don't do envelope rewriting, and have had a > handful of complaints over the years, most from the same person who didn't > seem to understand "we have no plans to change at this time". Thanks Simon and Ralf for replies, I was observing SRS and it lookslike there is not a simple way to implement it with postfix. Because Iam just starting to relaying at my server, I will let some time to see, if there are some major problems with it or if it works unnoticed for users. Sad is, that the major freemail provider (seznam.cz) here in Czech Republic sadly implement and enforce SPF, the question is, how many domains that our users would be recieving from are SPF "protected" (I know only one, at domain of our company :-/). Thanks again J.R |