ecsd(_at_)transbay(_dot_)net wrote:
Yet when a remote user connects to mail.transbay.net to have mail sent
for them,
spfmilter rejects the user's connection.
I cannot convert all my users to AUTH - and intuitively I should not
have to worry
about that.
You have 3 mechanisms available (in order of preference):
1. Use port 587 with AUTH for mail injection. Configure submit.mc to not
call the milter.
2. Use port 587 without AUTH, but you'll technically create an open
relay, unless you whitelist the incoming IP addreses, or use
POP-before-SMTP. Do not use the milter on the 587 connection (submit.mc).
3. Use port 25 with AUTH. Configure Milter to not check authenticated
connections (in your sendmail.mc)
4. Do what you do now, but publish a record that ends with ~all
(softfail), until all users have converted to using #1.
SPF should not be checked on injected email, it was not meant for that.
Greetings,
Radu.