On Sun, Nov 12, 2006 at 11:24:20PM +0100, Ralf Doeblitz wrote:
I don't think this would be the best solution. The exists mechanism
combined with macro expansion can almost do the job.
Sender: A
Forwarder: B
Forwarded-to: C
The problem:
A publishes an SPF record, authorizing only host A
B uses "MAIL FROM:<user(_at_)A>"
C tries to match host B in the SPF record of A.
How does your proposal work?
C uses a local whitelist prepended to the SPF record of A and can integrate
the whitelist specified by its own user. The extensions are only necessary
if you need to differentiate between multiple domains and/or servers on the
receiving end, otherwise the existing macro mechanism is sufficient.
Simplified example, to see if I understand what you mean:
C knows that B is forwarding.
IP address of B is 192.0.2.1
A is sending mail to B, B forwards to C
C does:
-1- fetch record from A (because of MAIL FROM:<user(_at_)A>)
-2- local whitelist: s/v=spf1 /v=spf1 ip4:192.0.2.1 /
-3- normal processing
Yes, this works. But it does not solve the problem at hand.
RPF was made up to solve "C knows that B is forwarding."
Your proposal (if I interpreted it right) solves the steps
thereafter, in a different way than I suggested.
I don't see obvious advantages. Why start the SPF process at
all, instead of doing "if not whitelisted, then do SPF" ?
Alex
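
The two approaches compared in this message, as an added example that is not part of the original thread: the record rewrite from steps -1- to -3- next to "if not whitelisted, then do SPF". The record for A, the function names, and the reduced evaluator (only ip4 and all mechanisms) are assumptions; 192.0.2.1 is the forwarder address from the message.

```python
import ipaddress

# Constructed sample data: the record published by A is an assumption;
# 192.0.2.1 is the forwarder B's address from the message.
RECORD_A = "v=spf1 ip4:198.51.100.25 -all"
FORWARDER_B = "192.0.2.1"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate(record, client_ip):
    """Evaluate only the ip4 and all mechanisms of a record, left to right."""
    version, *terms = record.split()
    if version != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip4" and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def prepend_whitelist(record, forwarders):
    """Step -2-: s/v=spf1 /v=spf1 ip4:<forwarder> / for each known forwarder."""
    extra = " ".join(f"ip4:{ip}" for ip in forwarders)
    return record.replace("v=spf1 ", f"v=spf1 {extra} ", 1) if extra else record


def check_rewrite(record, client_ip, forwarders):
    """Rewrite variant: always run SPF, on the locally rewritten record."""
    return evaluate(prepend_whitelist(record, forwarders), client_ip)


def check_whitelist_first(record, client_ip, forwarders):
    """'If not whitelisted, then do SPF': SPF is skipped for known forwarders."""
    if client_ip in forwarders:
        return "whitelisted"  # A's record is never consulted
    return evaluate(record, client_ip)
```

Both variants accept mail relayed by B and give the same verdict for every other client; both still need C to know B's address in advance.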