spf-discuss

Re: SRS and secondary MX

2004-03-23 05:07:34
On Tue, 2004-03-23 at 11:43 +0000, Shevek wrote:
> You should NOT do unconditional SRS rewriting. You should perform it
> only when expanding an alias or a .forward file or explicitly
> rerouting a mail.

True. You can add other conditions here too. Like rewriting only if the
sending domain actually had an SPF record -- otherwise you're turning a
'default' result into a 'pass' for no reason. And perhaps even rewriting
only if the recipient domain is actually known to check SPF.

> Putting an SRS rewrite into the "outgoing mail" stage is a bad idea.

Not necessarily. Putting an _unconditional_ SRS rewrite would be -- but
it's not a bad thing to put it into the 'outgoing mail' stage if you
still do it only under the right circumstances. And it's fairly easy to
detect those circumstances even in the output stage -- if you're sending
a mail with a sender domain which isn't local, it's being forwarded. 

My Exim 4 implementation of SRS does precisely that. It rewrites in the
'outgoing mail' stage -- i.e. the Exim 'routers' -- but does so only if:
        - The sender address isn't local, and
        - Either the recipient domain is _known_ to check SPF and
          the sender address is in a domain with SPF records, or
          the recipient domain is gmx.de and has been known to pull a
          list of 'acceptable' IP addresses out of its wossname.

In fact you could replace 'sender address isn't local' with 'SPF
wouldn't pass if I sent this mail with this address' but that's hard.

-- 
dwmw2
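
The conditions listed in the message above, as an added sketch that is not part of the original post and is not the Exim configuration it mentions. Domain names, the secret, the TXT data and the function names are constructed; the SRS0 encoding is simplified, a null (bounce) sender is assumed to be left alone, and chained forwarding (SRS1) is not covered.

```python
import base64, hashlib, hmac

# All names and values below are constructed for illustration.
FORWARDER = "forwarder.example"
LOCAL_DOMAINS = {FORWARDER}
KNOWN_SPF_CHECKERS = {"checks-spf.example"}   # recipients known to check SPF
SECRET = b"constructed-demo-secret"
TXT = {"has-spf.example": ["v=spf1 mx -all"],  # stand-in for DNS TXT lookups
       "no-spf.example": ["some-other-txt=1"]}
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def lookup(domain):
    return TXT.get(domain, [])

def has_spf(domain, txt_lookup):
    # A domain publishes SPF if any TXT record starts with the v=spf1 tag.
    return any(r.lower().split(" ")[0] == "v=spf1" for r in txt_lookup(domain))

def should_rewrite(sender, rcpt, txt_lookup):
    s_dom = sender.rpartition("@")[2].lower()
    r_dom = rcpt.rpartition("@")[2].lower()
    # Assumption: null sender (bounce) is never rewritten; local senders
    # are not being forwarded, so they need no rewrite either.
    if not sender or s_dom in LOCAL_DOMAINS:
        return False
    if r_dom == "gmx.de":                      # special case from the message
        return True
    # Rewriting for a sender domain without SPF would turn a 'default'
    # result into a 'pass' for no reason, so require both conditions.
    return r_dom in KNOWN_SPF_CHECKERS and has_spf(s_dom, txt_lookup)

def srs0(sender, now_days):
    # Simplified SRS0 form: SRS0=<hash>=<timestamp>=<domain>=<local>@<forwarder>
    local, _, domain = sender.rpartition("@")
    t = now_days % 1024                        # day counter, two base32 chars
    ts = B32[t >> 5] + B32[t & 31]
    mac = hmac.new(SECRET, (ts + domain + local).lower().encode(), hashlib.sha1)
    tag = base64.b64encode(mac.digest()).decode()[:4]
    return f"SRS0={tag}={ts}={domain}={local}@{FORWARDER}"

def envelope_sender(sender, rcpt, txt_lookup=lookup, now_days=12500):
    if should_rewrite(sender, rcpt, txt_lookup):
        return srs0(sender, now_days)
    return sender
```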

