On 12/18/2011 7:15 PM, Steve Fatula wrote:

> So, in general, what I am asking is what is the currently accepted best 
> practice (if any)? I see spf as the tool to detect it, not my question. I am 
> asking if mail systems could allow it, yet, be good netcitizens. 

So to make this crystal clear, you are asking if your users should be
allowed to SUBMIT mail for RELAY through your Postfix server, with such
email having a From: header containing a domain not in your Postfix
configuration.  Is this correct?  I.e. roaming users who have many email
accounts and, for whatever reasons, have trouble selecting the proper
outbound relay when they send email from a particular MUA profile?

I guess this decision boils down to how much you trust your users.
There are a few legitimate scenarios for allowing this.  One, if you're
an ISP, is customers on dynamic IP broadband who host their own mail
server and domain.  As they can't send direct to MX effectively they
must relay all mail with AUTH through your server.  In this case the
From: header will never match your domains.  I did exactly this with
SBC/ATT/Yahoo relays for many years when I hosted my personal MX on a
dynamic IP dsl line (gasp).

-- 
Stan

Reply via email to