On 10/17/20 6:42 PM, Wietse Venema wrote:
> Jaroslaw Rafa:
>> On 17.10.2020 at 18:25:13, Wietse Venema wrote:
>>> For the port
>>> 25 MTA-to-MTA service one can then reject all mail from a remote
>>> site that claims to be from a local user.
>>
>> That's not a good idea. Assume domain.com is configured that way and some
>> user on a completely different domain (us...@site.net) forwards their mail
>> to us...@domain.com. Then what happens if some otheru...@domain.com sends
>> mail to us...@site.net ?
>
> [historical scenario omitted]
>
> Exactly the scenario that SPF and the like are supposed to prevent.
>
> Wietse

To elaborate, my understanding is that site.net should use MAIL FROM:<us...@site.net>, but leave the body unchanged. domain.com will then accept the message, as it is from an IP in site.net's SPF record, and DKIM ignores the envelope.

Demi
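Added example, not part of the thread and not Postfix code: a simplified model of the port 25 decision discussed above, showing how the same forwarded message is treated with the original envelope sender kept versus rewritten by the forwarder. The SPF records, IP addresses, mailbox names and function names are constructed assumptions; only the `ip4` mechanism and `-all` are modelled, and DKIM is not evaluated.

```python
import ipaddress

# Constructed SPF policies using documentation address ranges.
# Only the ip4 mechanism and the -all qualifier are modelled.
SPF_RECORDS = {
    "domain.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "site.net": "v=spf1 ip4:198.51.100.0/24 -all",
}
LOCAL_DOMAINS = {"domain.com"}  # domains hosted by the receiving MTA


def sender_domain(mail_from):
    """Domain part of an envelope sender address."""
    return mail_from.rsplit("@", 1)[-1].lower()


def spf_check(client_ip, mail_from):
    """Simplified SPF result for the envelope sender (MAIL FROM) domain."""
    record = SPF_RECORDS.get(sender_domain(mail_from))
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:]):
            return "pass"
        if term == "-all":
            return "fail"
    return "neutral"


def port25_decision(client_ip, mail_from):
    """Receiving side on port 25: every client here is a remote MTA."""
    if sender_domain(mail_from) in LOCAL_DOMAINS:
        return ("reject", "remote client used a local sender")
    result = spf_check(client_ip, mail_from)
    return ("reject" if result == "fail" else "accept", "spf=" + result)


if __name__ == "__main__":
    forwarder_ip = "198.51.100.7"  # constructed: an outbound host of site.net
    # Forwarded with the original envelope sender kept.
    print(port25_decision(forwarder_ip, "alice@domain.com"))
    # Forwarded with the envelope sender rewritten to the forwarding account.
    print(port25_decision(forwarder_ip, "forwarder@site.net"))
```

Both decisions use only the client IP and the envelope sender; the message headers and body are never consulted, which is why an unchanged body can pass through the forwarder without affecting the outcome.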