Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Giuliano Gavazzi
Date:  
À: David Woodhouse, J Yunke
CC: exim-users
Sujet: Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?
At 9:55 am +0000 2004/03/21, David Woodhouse wrote:
>they did not send, the page at http://www.infradead.org/rpr.html has an
>example of how to do that _without_ needing to change the way the world
>works. Basically you do rewriting only on your _own_ outgoing addresses,
>so the 'raw' address (e.g. dwmw2@???) is never used in valid
>MAIL FROM:. Then you can reject bounces to that address -- and anyone
>doing sender verification callouts will hence also reject faked mail
>_from_ that address.



this, I think, is even a worse method than SPF as it breaks those
mechanisms that rely on the envelope address.
Forwarding is broken already in that it can generate spurious
bounces, and the only way I see that solved is by having forwarding
explicitly authorised by the receiving end. A rule [accept:
<forwarding server>---><target local user>] should be set for each
authorised forwarding, and SPF or bounces problems go away.
Or am I having a delirium...?

Giuliano