On 2017-04-18 00:04:07 (+0200), Benny Pedersen <m...@junc.eu> wrote:
Philip Paeps wrote on 2017-04-17 19:49:
On 2017-04-17 19:33:36 (+0200), Geert Stappers <stapp...@debian.org> wrote:
teamfoo:
localcopy
j...@example.com
b...@domain.tld
john@some.where

Bob checks SPF on incoming messages.

Bob should not be checking SPF from your mailserver if he knows
there's a forward / expander there.

the forwarding host ip can be added to spf whitelist in mta stage where spf is being broken, doing so will in case of SpamAssassin check spf for the real sender ips that is the originating ip

Sure.  That's a possibility.

Checking SPF breaks email forwarding.

incorrect since envelope domain changes on the forward host

Only if you take steps to change the envelope. In a normal/default setup, the envelope will not be changed.

The easiest way to do this, is for Bob to check a list of
forwarders in his ``smtpd_sender_restrictions`` if he's using Postfix.

it's not postfix's job to make envelope sender fixes

Correct.

since spf is not dkim, or even sid-milter that breaks spf by checking from: header which breaks spf, i think most users see sender-id as an spf fail there in, but it's not spf

spf is maillists safe, so why say forwarding breaks spf ?

SPF is only "safe" for mailing lists if the mailing list takes ownership of the message and remails it with a new envelope. SPF is not "safe" when you're simply forwarding the message (i.e.: without changing the envelope).

If you check SPF, you need to whitelist every machine that forwards mail for you. Your backup MX for one. But also every other host that you know legitimately forwards mail for you.

DKIM is completely unrelated.

Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information
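
The point argued above, as an added example that is not part of the original thread: a simplified SPF evaluator showing that a forward with an unchanged envelope fails, while a rewritten envelope or a receiver-side forwarder whitelist does not. The domains, addresses and the TRUSTED_FORWARDERS list are constructed for illustration, and only `ip4` and `all` mechanisms are handled.

```python
"""Simplified SPF evaluation: ip4 mechanisms and a terminal "all" only."""
import ipaddress

# Constructed SPF policies keyed by envelope-sender domain (documentation ranges).
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.25 -all",
}
# Assumption: hosts the receiver knows forward mail to it (backup MX, alias expander).
TRUSTED_FORWARDERS = [ipaddress.ip_network("198.51.100.25/32")]

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(client_ip, mail_from):
    """Evaluate the MAIL FROM domain's policy against the connecting IP."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"


def receiver_check(client_ip, mail_from):
    """Receiver policy: skip SPF for known forwarders, otherwise evaluate it."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_FORWARDERS):
        return "skipped (trusted forwarder)"
    return spf_result(client_ip, mail_from)


if __name__ == "__main__":
    cases = [
        ("direct delivery", "192.0.2.10", "alice@sender.example"),
        ("forwarded, envelope unchanged", "198.51.100.25", "alice@sender.example"),
        ("forwarded, envelope rewritten", "198.51.100.25", "bounce@forwarder.example"),
    ]
    for label, ip, sender in cases:
        print(f"{label}: spf={spf_result(ip, sender)} receiver={receiver_check(ip, sender)}")
```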
