On Fri, Jul 16, 2004 at 01:31:29PM -0700, cak+spf(_at_)dimebank(_dot_)com wrote:
Now, another issue - I got an SPF bounce that was surprising.
It would appear that mail forwarding across domains doesn't work
quite right with SPF - certainly not as hoped/expected:
Diagnostic-Code: SMTP; 550 5.7.1 <cak(_at_)dimebank(_dot_)com>... Please see
http://spf.pobox.com/why(_dot_)html?sender=cak(_at_)dimebank(_dot_)com&ip=66.80.9.250&receiver=moose.dimebank.com
This is on a piece of mail sent by me to pac(_at_)aratar(_dot_)com(_dot_)
Now, pac's mailbox on ulmo.aratar.com forwards to
pac(_at_)dimebank(_dot_)com, which
comes back to my server. Except that now it looks to spfmilter/libspf
as if ulmo.aratar.com is originating mail from cak(_at_)dimebank(_dot_)com,
which isn't allowed by the TXT record ... so it bounces.
That seems broken - I have to add every host that might forward mail
to my machine? And, it would seem, anyone out there who might have
a forwarding alias somewhere (say, from one big mail system to another)
would have to be entered in many TXT records to allow mail to flow?
Am I missing something obvious here?
I think what you're missing here is http://spf.pobox.com/faq.html#forwarding
You could also whitelist the forwarders in your local spf checking
implementation.
Koen
--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Send us money! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
pgpnL4sRY8zkt.pgp
Description: PGP signature