Hello Postfix-users!
And hello everyone who may still remember me.
Wietse, Victor, maybe Ralf is still here too..
With very warm regards and memory I'm here again.
LTNS, Very Long!.. :)
It's been long time since I touched email as well, besides
maintaining small postfix instances on servers to accept
some internal emails and forward them to central place.
And it seems quite something has changed when I was away.
For a few days we with a customer of ours were trying to
figure out how to configure current "big" mailservers
("big" in a sense that they're used by large corporations,
bot because they scale well or something) to forward mail
properly. And finally, after quite some work, come to a
conclusion that some of them just CAN NOT be configured.
The thing is that while forwarding (redirecting) mail to
some other address, the system changes envelope-from to
the same address which it is forwarding FROM. For example,
if one wants to forward mail sent from any...@example.com
to address forw...@example.com, so it comes to tar...@example.org,
in the process of forwarding, the envelope-from, which
originally was any...@example.com, is changed to
forw...@example.com. So when tar...@example.org receives
this message, it's envelope-from is not the original but
the forward.
Now imagine what happens when something goes wrong when sending
mail to tar...@example.org. Where the bounce will be sent to?
This is what actually happened here. And no, there was no
mail loop as one can imagine - the mail system does not
forward email with empty envelope-from, - it is dropped
to forw...@example.com MAILBOX!. Well, no mail loop is a
good thing, at least.
We tested 4 big commertial mail servers. Two of them are
MS Exchange and Comunigate Pro. And all 4 behaves exactly
the same - they all change envelope-from when forwarding.
On exchange the admins (I'm not one of them) found no way
to preserve the original envelope-from at all. On CGP,
there IS a way, but the feature is marked as deprecated and
may be dropped in a future release. I know nothing about
the other 2, but at least by default they too change the
envelope-from.
Now when I think about all this, - there's SPF and other
similar technologies, and in this context, changing
envelope-from like this makes sense. But seriously, what
to do with bounces?
Also, who really cares about _envelope_ from? What people
see is *header* from, and it is still easily spoofable
(without cryptography), yet we have this forwarding prob
with _envelope_-from.
I'm in early-days-of-SPF context still, in a perfect world
where email - especially with Postfix - Just Works (and
we have lots of issues with spoofing).
What is the situation now? Where the (email) world is
going to?
Thank you!
/mjt
