Quoting Shaun T. Erickson (ste(_at_)smxy(_dot_)org):
> I have published SPF records for my domain. I have also started checking
> SPF records, with my MTA (Postfix).
> So far, this has worked nicely.
>
> However, I'm seriously considering scrapping it. This is because my
> system forwards mail for some clients, which means I need to implement
> SRS. Unfortunately, there appear to be no patches to Postfix that
> implement it (please correct me if I'm wrong). Asking about this on the
> Postfix mailing list is no good, as Wietse has made the topic of SPF/SRS
> forbidden, and said that anyone bringing it up would be unsubscribed.
>
> I asked about this on the SRS-DISCUSS list, but have not received any
> suggestions on what to do, so am posting here, in hopes that someone
> knows of patches that will do what I need.

I implemented SRS in a hacked up version of amavisd-lite delivering
to an instance of Postfix for SMTP transport. Transport maps on
the MX servers route email bound for the outside world to the
srs rewriter. The srs rewriter hands all email to its companion
Postfix instance for final delivery.

This scheme requires a separate instance of Postfix that does not
use the MX server transport maps. The Postfix instance can be on
a different machine, in a BSD jail, or run with one of the schemes
that use alternate Postfix config files. In my case the srs rewriter
runs on my SMTP servers and it is currently disabled while I ponder
the entire SPF/SRS issue.

The rewritten address is in a domain with an MX record pointing to
a Postfix instance that only handles bounces.

A native SRS implementation for Postfix will be a challenge. Victor
Duchovni outlined several of the issues here:
http://www.irbs.net/internet/postfix/0401/1020.html

John Capo
Tuffmail.com
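
The rewrite step described in the reply above, and the check a bounce-only instance would apply before relaying a bounce back, as an added example that is not code from the original post or from any SRS patch. It is a simplified sketch of the common SRS0=hash=timestamp=domain=local layout and is not guaranteed to interoperate with a particular SRS library; `SECRET`, `FORWARDER`, `MAX_AGE_DAYS` and the function names are assumptions.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-secret"   # assumption: site-local key, never shared
FORWARDER = "srs.example.net"         # assumption: domain whose MX only handles bounces
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
MAX_AGE_DAYS = 21                     # assumption: how long bounces are accepted

def _day(now=None):
    # Day counter modulo 1024, so it fits in two base32 characters.
    return int((time.time() if now is None else now) // 86400) % 1024

def _tag(stamp, domain, local):
    # Short HMAC binding timestamp, original domain and original local part.
    msg = (stamp + domain + local).lower().encode()
    return base64.b64encode(hmac.new(SECRET, msg, hashlib.sha1).digest())[:4].decode()

def srs_forward(sender, now=None):
    """Rewrite an envelope sender so the forwarder's own SPF record applies."""
    local, domain = sender.rsplit("@", 1)
    day = _day(now)
    stamp = B32[day >> 5] + B32[day & 31]
    return f"SRS0={_tag(stamp, domain, local)}={stamp}={domain}={local}@{FORWARDER}"

def srs_reverse(rcpt, now=None):
    """Recover the original sender from a bounce recipient, or raise ValueError."""
    local_part, _, domain = rcpt.rpartition("@")
    if domain.lower() != FORWARDER or not local_part.upper().startswith("SRS0="):
        raise ValueError("not an SRS0 address for this forwarder")
    fields = local_part[5:].split("=", 3)   # original local part may contain '='
    if len(fields) != 4:
        raise ValueError("malformed SRS0 address")
    tag, stamp, orig_domain, orig_local = fields
    expected = _tag(stamp, orig_domain, orig_local)
    # Constant-time compare; without this check the bounce host is an open relay.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("hash mismatch: forged or altered address")
    stamp = stamp.upper()
    if len(stamp) != 2 or any(c not in B32 for c in stamp):
        raise ValueError("bad timestamp")
    then = (B32.index(stamp[0]) << 5) | B32.index(stamp[1])
    if (_day(now) - then) % 1024 > MAX_AGE_DAYS:
        raise ValueError("expired SRS0 address")
    return f"{orig_local}@{orig_domain}"
```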