Well ok... if you want to pick nits :-)
I guess I should have said:
The listserver, and one of the email accounts, originate mail on the
host (the email account, using pine) - so, for SPF purposes, the mail
comes from an IP address listed in the SPF record for the domain in the
envelop sender, and all works just fine.
But... for the other two email accounts, mail originates from desktop
clients (Thunderbird). And here's the rub:
- I want to apply virus and spam checks to incoming mail, but...
- for SPF purposes, the incoming mail comes from the dynamic IP of the
desktop client, so it's hard/impossible to set up an SPF record to match
that IP (unless one wants to pass the check for, say, all email coming
from the broad range of IP addresses used by the local Comcast broadband
service)
- so, mail submitted from desktop clients is getting marked as failing
the SPF check
In any case, I've since received some answers about how to set up
postfix to treat mail from authenticated clients differently that solves
my problem.
Miles
Jo Rhett wrote:
I'm sorry, but your query below does not parse. The envelope sender
does not change depending on which host it arrives from when using
Thunderbird et al. The host from which it arrives changes, but that's
not part of the envelope.
And yes, you can disable anything with a network profile. rtfm.
Miles Fidelman wrote:
I starting to set up SPF records for the domains I manage, and have
run into a little snag. I hope somebody can suggest an approach:
BASIC CONFIGURATION:
Debian Sarge
Postfix (from stable - so it's a relatively old version, 2.1 I believe)
amavisd-new
spamassassin
clamav
Postfix configured with postfix-tls (SASL) but only for MD-5
authentication of incoming SMTP
For the most part, I use the machine as a list server (Sympa) and web
host, but I also have three email accounts on the box.
The listserver, and one of the email accounts, originate mail on the
host (the email account, using pine) - so, for SPF purposes, the
envelope sender is always the server, and all works just fine.
But... for the other two email accounts, mail originates from desktop
clients (Thunderbird). And here's the rub:
- I want to apply virus and spam checks to incoming mail, but...
- for SPF purposes, the envelope sender is now the dynamic IP of the
desktop clients, so it's hard/impossible to put that in the SPF record
- so, mail submitted from desktop clients is getting marked as
failing the SPF check
So... is there a way to turn off SPF checks for mail coming from
authenticated clients, without turning off all the other checks (as,
for example, would happen if mail was submitted via port 587)?
