
[spf-discuss] Re: Fixing Forwarding with RPF

2006-11-11 13:19:22
"Alex" == Alex van den Bogaerdt
"Re: Re: Fixing Forwarding with RPF"
 Sat, 11 Nov 2006 18:30:44 +0100

    >> Would you please elaborate on the "semi-transparent proxy
    >> mechanism such as postfix has"?

    Alex> http://www.postfix.org/XCLIENT_README.html

    Alex> Basically, the MX server forwards information to the next
    Alex> hop. This next hop uses the information for SPF
    Alex> verification and decides if the MX server should or should
    Alex> not accept the message.

    Alex> Without such an extension, the next hop would not be able
    Alex> to perform SPF verification, as the incoming IP address
    Alex> most likely is not authorized to send mail on behalf of the
    Alex> sender's domain.

    Alex> Perhaps I should have said "transparent proxy".  Whatever.

    Alex> Example:

    Alex> example.com is SPF protected, "v=spf1 ip4:192.0.2.1 -all"

    Alex> A receiver's MX server has address 192.0.2.2 and internally
    Alex> forwards mail to 192.0.2.3

    Alex> 192.0.2.1 sends to 192.0.2.2, using MAIL
    Alex>           FROM:<user(_at_)example(_dot_)com>
    Alex> So far so good.  192.0.2.1 is authorized.  But then
    Alex> 192.0.2.2 is going to relay this message to 192.0.2.3

    Alex> Without this extension:
    Alex> 192.0.2.2 sets up a connection to 192.0.2.3, MAIL
    Alex>           FROM:<user(_at_)example(_dot_)com>
    Alex> 192.0.2.3 calls spf(example.com, 192.0.2.2) resulting in
    Alex>           FAIL

    Alex> Using this extension:
    Alex> 192.0.2.2 sets up a connection to 192.0.2.3, any MAIL FROM
    Alex>           using XCLIENT name=user(_at_)example(_dot_)com
    Alex>           ADDR=192.0.2.1
    Alex> 192.0.2.3 calls spf(example.com, 192.0.2.1) resulting in
    Alex>           PASS

Thank you.  Although I use XCLIENT for debugging, it is however not
obvious to me how to option Postfix to do the XCLIENT trick on the
next hop nor how to actually make a smtp client use the XCLIENT
commands.  Do you have more pointers?  Sample configuration or code?

        jam

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735
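
The two cases in Alex's example, worked through as an added sketch (not code from the thread, from Postfix, or from any SPF library). It assumes a next hop that accepts an XCLIENT ADDR override only from its own MX; the names TRUSTED_RELAYS, effective_client_ip and next_hop_verdict are hypothetical, and the evaluator handles only the ip4, ip6 and all mechanisms with no DNS lookups.

```python
import ipaddress

# Constructed values mirroring the example in the thread.
SPF_RECORD = "v=spf1 ip4:192.0.2.1 -all"
TRUSTED_RELAYS = {"192.0.2.2"}  # assumption: the receiver's own MX
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, client_ip):
    """Evaluate ip4/ip6/all terms only; other mechanisms are skipped."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"

def effective_client_ip(peer_ip, xclient_line=None):
    """Pick the address SPF is checked against on the next hop.

    The ADDR override is honoured only when the TCP peer is a trusted
    relay (Postfix restricts this with smtpd_authorized_xclient_hosts);
    otherwise any sender could claim an authorized address.
    """
    if not xclient_line or peer_ip not in TRUSTED_RELAYS:
        return peer_ip
    verb, *attrs = xclient_line.split()
    if verb.upper() != "XCLIENT":
        return peer_ip
    for attr in attrs:
        key, _, value = attr.partition("=")
        if key.upper() == "ADDR":
            try:
                return str(ipaddress.ip_address(value))
            except ValueError:
                return peer_ip  # malformed override: fall back to the peer
    return peer_ip

def next_hop_verdict(peer_ip, xclient_line=None, record=SPF_RECORD):
    return spf_check(record, effective_client_ip(peer_ip, xclient_line))
```

Without the override the relay's own address is checked and the result is fail; with it, the original client address is checked and the result is pass. The same override sent by a host outside TRUSTED_RELAYS is ignored.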
