Re: team alias and SPF

Mon, 17 Apr 2017 10:50:34 -0700 

On 2017-04-17 19:33:36 (+0200), Geert Stappers <stapp...@debian.org> wrote:

teamfoo:
 localcopy
 j...@example.com
 b...@domain.tld
 john@some.where

Bob checks SPF on incoming messages.
Bob should not be checking SPF from your mailserver if he knows there's a forward / expander there. Checking SPF breaks email forwarding. The easiest way to do this, is for Bob to check a list of forwarders in his ``smtpd_sender_restrictions`` if he's using Postfix. 

   main.cf:
   smtpd_sender_restrictions =
       [...]
       check_client_access hash:$config_directory/access_forwarders
       [....]

   access_forwarders:
       [...]
       your_server.example.com  OK
       [...]
If Bob wants to verify SPF, he should have a table like that whitelisting every host he knows forwards mail to him. This is really Bob's problem and not yours... 


In the year 2017 is that all correct behaviour.
Several years earlier was a team alias best pratice.
Now I'm looking for a successor.


If you check SPF, you should be prepared to whitelist known forwarders.


I think the right approach is
* recieve the e-mail
* rewrite some headers
** the Alice From should go into Reply To
** new From is team...@projecthost.my.domain


Note that SPF checks the envelope From (5321.From) not the header From.


* send the message of Alice to the foo team members
If bob is the only recipient who causes you grief, you should ask him not to check SPF for your server, since this is really his problem. 
If you want to make it your problem (or it's been made your problem),
there are two options: you could run a mailing list (e.g. mailman) which rewrites the envelopes or you could use e.g. postsrsd to rewrite the envelopes. Note that postsrsd will rewrite all your envelopes, regardless of whether the address was expanded. 

https://github.com/roehling/postsrsd
Mailman and postsrsd are both trivial to set up. My preference would be for mailman because postsrsd will but it will rewrite all envelopes, something which I personally would find upsetting but your views may differ. 

Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information

Reply via email to