On Tuesday 10 April 2007 12:25, Tony Finch wrote:
> On Tue, 10 Apr 2007, Magnus Holmgren wrote:
> > SPF doesn't break forwarding if employed carefully. Mail isn't forwarded
> > totally randomly; in sane configurations a user U tells a system A to
> > forward his mail to system B. If B wants to enforce SPF, they have to
> > allow U to tell them about this forwarding, so that an exception can be
> > made.
>
> It's unreasonable to expect users to do this.

Not more so than expecting them to choose good passwords...(?)

The hard part would be getting the message to them and getting them to
understand it. Setting it up can be automated in the following manner:

1. U tells A to forward mail to user+whatever@??? (how this is
   done is of course outside the scope of A). "+whatever" can be optional, but
   recommended, and chosen by the user.
2. U sends off a mail to user@??? using B's submission server.
3. B recognises the mail when it comes back and uses the available information
   to construct as good an exception as possible.

No harder than putting together IKEA furniture, if you ask me...

Now for how to implement this with Exim...

> > Otherwise they could specify the IP addresses the forwarded mail can
> > come from (but that's complicated), or in many cases simply specifying
> > the mail address forwarded from, letting the SPF-enforcing server make
> > educated guesses, can work.
>
> That's remarkably optimistic.

You'd of course make sure that you stay on the safe (false negative) side.

--
Magnus Holmgren holmgren@???
(No Cc of list mail needed, thanks)
"Exim is better at being younger, whereas sendmail is better for
Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
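
The three-step setup described in the message above, sketched as B-side bookkeeping. This is an added example, not part of the original post and not Exim configuration; the class, its method names, the probe token (assumed to be stamped into the probe by B's submission server) and the b.example addresses are hypothetical.

```python
import ipaddress
import secrets


def split_rcpt(rcpt):
    """Split 'user+tag@domain' into (user, tag); tag is '' when absent."""
    user, _, tag = rcpt.partition("@")[0].partition("+")
    return user, tag


class ForwardingExceptions:
    """State kept by B, the SPF-enforcing system (hypothetical design)."""

    def __init__(self):
        self.pending = {}  # probe token -> authenticated user who sent the probe
        self.allowed = {}  # (user, tag) -> networks learned as U's forwarder

    def submit_probe(self, auth_user):
        """Step 2: U sends a probe through B's authenticated submission server."""
        token = secrets.token_hex(16)  # unguessable, so outsiders cannot fake a probe
        self.pending[token] = auth_user
        return token

    def probe_returned(self, rcpt, token, client_ip):
        """Step 3: the probe arrives back via A; record A's sending address."""
        user, tag = split_rcpt(rcpt)
        if self.pending.get(token) != user:
            return False  # unknown, replayed, or another user's token
        del self.pending[token]  # single use
        net = ipaddress.ip_network(client_ip)  # host network (/32 or /128)
        self.allowed.setdefault((user, tag), set()).add(net)
        return True

    def spf_decision(self, rcpt, client_ip, spf_result):
        """Turn an SPF 'fail' into 'accept' only for a learned forwarder."""
        if spf_result != "fail":
            return "accept"
        ip = ipaddress.ip_address(client_ip)
        nets = self.allowed.get(split_rcpt(rcpt), ())
        return "accept" if any(ip in n for n in nets) else "reject"
```

Because the exception is keyed on the tagged address, an SPF failure for mail to the untagged address is still rejected even when it comes from the learned forwarder. A forwarder with several outbound hosts would need each address learned.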