1. ARC not provide a way to send bounce to sender when rcpt behind srs
can't accept email due to x reasons. SRS needed when you doing
forwarding service.
2. ARC not used on practice to trust email without DKIM and failed SPF,
if you not rewrite envelope on forwarding mentioned rspamd will
potentially reject you or at least give noticeable more score, so your
statement is false.
3. ARC validation in general in SMTP is not for that cases. It will not
solve case with failed SPF without DKIM even if email would be ARC
signed. F.e. I can write that I'm envel...@somesender.com, put by myself
Recieved header like it was received by IP that by SPF of somesender.com
is allowed, and sign email with ARC, is this would mean it's was really
sent by somesender.com? No. It can be trusted? No.
JFYI I not say to not use ARC, I just say ARC is not a solution for this
sort of task.
Regards,
Dmytro Alieksieiev
DevOps Engineer
On 18/04/2025 13:34, Benny Pedersen via Postfix-users wrote:
Dmytro Alieksieiev skrev den 2025-04-18 13:25:
Hi Benn, you want propose any better alternatives for a forwarding to
not break SPF and have ability properly send emails without DKIM?
the forwarding host have there own spf record, so fix this, its
teknical not possible to have borh envelope sender domains keeped
aligned in dmarc, but the forwarding host envelope domain can still
pass spf from the mta sending point, if one need more its time to
setup rspamd on the forwarding server to do ARC-Seal, ARC-Sign, so
trustness can be build up from the origin domain
see headers from my mail here, its perfect, thanks for finaly see
sys4.de knows what thay do with rspamd now :=)
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
