On 12/18/2011 7:15 PM, Steve Fatula wrote: > So, in general, what I am asking is what is the currently accepted best > practice (if any)? I see spf as the tool to detect it, not my question. I am > asking if mail systems could allow it, yet, be good netcitizens.
So to make this crystal clear, you are asking if your users should be allowed to SUBMIT mail for RELAY through your Postfix server, with such email having a From: header containing a domain not in your Postfix configuration. Is this correct? I.e. roaming users who have many email accounts and, for whatever reasons, have trouble selecting the proper outbound relay when they send email from a particular MUA profile? I guess this decision boils down to how much you trust your users. There are a few legitimate scenarios for allowing this. One, if you're an ISP, is customers on dynamic IP broadband who host their own mail server and domain. As they can't send direct to MX effectively they must relay all mail with AUTH through your server. In this case the From: header will never match your domains. I did exactly this with SBC/ATT/Yahoo relays for many years when I hosted my personal MX on a dynamic IP dsl line (gasp). -- Stan