Mail forwarding and SPF issue
in [Sendmail]
|
From: Andreas Meile on 3 Jul 2008 03:28 Dear Sendmail users In some specific cases, I get postmaster bounce mails like this one: .... while talking to mailin.example.net.: >>> RCPT To:carol(a)example.net <<< 550-5.7.1 {mx015} The recipient does not accept mails from 'example.org' over foreign mailservers. <<< 550-5.7.1 According to the domain's SPF record your host '192.0.2.47' is not a designated sender. <<< 550 5.7.1 ( http://portal.example.net/serverrules ) 550 5.1.1 carol(a)example.net... User unknown Situation: I'm maintaining Bob's MTA server where there is a forwarding rule bob(a)example.com carol(a)example.net in /etc/mail/virtusertable. Carol's MTA strongly checks SPF as a antispam and mail forgery countermeasure and does not allow SMTP whitelisting. Alice's ISP has defined an SPF record like this one: pingu:~> nslookup -q=txt example.org Server: dns1.example.com Address: 192.0.2.46 example.org text = "v=spf1 a:mailout.example.org -all" As I can understand, my MTA does not change the envelope address, i.e. uses "MAIL FROM: alice(a)example.org" instead "MAIL FROM: bob(a)example.com" in the SMTP dialogue, so my host appears as a foreign host for Carol's receiving MTA. I already found the following links about this topic: http://www.openspf.org/FAQ/Forwarding http://en.wikipedia.org/wiki/Sender_Rewriting_Scheme Question: Is there probably a suitable configuration directive on Sendmail's ..mc configuration level or do I have to use a utility like procmail for each mail forwarding to an external target (theoretically for those only which actively checks SPF on the income side) as shown in openspf.org's examples? Thanks in advance. :-) Andreas -- Teste die PC-Sicherheit mit www.sec-check.net
From: D. Stussy on 3 Jul 2008 16:00 "Andreas Meile" <usenet(a)andreas-meile.ch> wrote in message news:6d3ddoFkk35U1(a)mid.individual.net... > In some specific cases, I get postmaster bounce mails like this one: > > ... while talking to mailin.example.net.: > >>> RCPT To:carol(a)example.net > <<< 550-5.7.1 {mx015} The recipient does not accept mails from 'example.org' > over foreign mailservers. > <<< 550-5.7.1 According to the domain's SPF record your host '192.0.2.47' is > not a designated sender. > <<< 550 5.7.1 ( http://portal.example.net/serverrules ) > 550 5.1.1 carol(a)example.net... User unknown > > Situation: I'm maintaining Bob's MTA server where there is a forwarding rule > > bob(a)example.com carol(a)example.net > > in /etc/mail/virtusertable. > > Carol's MTA strongly checks SPF as a antispam and mail forgery > countermeasure and does not allow SMTP whitelisting. > > Alice's ISP has defined an SPF record like this one: > > pingu:~> nslookup -q=txt example.org > Server: dns1.example.com > Address: 192.0.2.46 > > example.org text = "v=spf1 a:mailout.example.org -all" > > As I can understand, my MTA does not change the envelope address, i.e. uses > "MAIL FROM: alice(a)example.org" instead "MAIL FROM: bob(a)example.com" in the > SMTP dialogue, so my host appears as a foreign host for Carol's receiving > MTA. > > I already found the following links about this topic: > > http://www.openspf.org/FAQ/Forwarding > http://en.wikipedia.org/wiki/Sender_Rewriting_Scheme > > Question: Is there probably a suitable configuration directive on Sendmail's > .mc configuration level or do I have to use a utility like procmail for each > mail forwarding to an external target (theoretically for those only which > actively checks SPF on the income side) as shown in openspf.org's examples? > > Thanks in advance. :-) > > Andreas Supposedly "milter-srs". I don't use it.
From: Grant Taylor on 3 Jul 2008 23:02 On 7/3/2008 2:28 AM, Andreas Meile wrote: > Question: Is there probably a suitable configuration directive on > Sendmail's .mc configuration level or do I have to use a utility like > procmail for each mail forwarding to an external target > (theoretically for those only which actively checks SPF on the income > side) as shown in openspf.org's examples? Ah, don't you love it when something works like it is intended to? Seriously, there is not any good way to get Sendmail out of the box to do Sender Rewriting Scheme. However with a little help Sendmail can be made to do it. Take a look at SRS-socketmap (http://www.srs-socketmap.info/) for information at creating a new map to convert the envelope sender address for you. I've been using this SRS socketmap (or at least a *very* close config) for the last year and half with very little trouble. Well, almost. I had to create a new mailer that did not use SRS because I ran in to some receiving servers that balked at receiving an SRS envelope sender. I have created a custom srs.m4 file for inclusion in to the sendmail.mc file that includes a new mailer that can be used via MailerTable to work with domains that do not play well with SRS. If you would like a copy of my srs.m4 feature file, let me know and I'll email it to you. Grant. . . .
|
Pages: 1 Prev: daemon MTA-IPv4: Problem creating SMTP socket? Next: mx points back |