Seth Goodman wrote:
I think we're getting close here. For the following SPF record and SRS0
rewritten MAIL FROM:,
"v=spf1 a mx exists:%{s}._ses.example.com -all"
MAIL
FROM:<SRS0=example(_dot_)com=7fGy=7G=SES0=a69L=7G=user(_at_)forwarder(_dot_)com>
the expansion of the SPF record is:
spf1 a mx exists:forwarder._ses.example.com
where a = IP expression for outgoing MTA's of forwarder.com
mx = IP of MX of forwarder.com
The %s macro is the source address, which is SPF parlance is the _current
sender_, not the _originating sender_, which is what we want. I therefore
expanded to "forwarder._ses.example.com" instead of
"SES0=a69L=7G=user._ses.example.com", which is, I think, what you actually
wanted.
Now I see what you mean. If the forwarder has applied SRS and the SPF record
of example.com says "do not check the SPF record of any forwarder", then the
'exists' must extract the original sender from the rewitten sender.
So we need the new macro %f (First sender) which expands to the local part
of the original sender (or maybe the complete original envelope sender).
Roger