NAVIGATION
CATEGORIES
REFERRENCE
LINKS
Implementing SRS (possible approaches!?)
1 answers - 1887 bytes -
PGP SIGNED MESSAGE
Hash: SHA1
Hi,
Recently, I start receiving bounce messages from some mails
that we forward for another domain complaining about SPF. I was
pointed to openspf.org [1]why page that shows me that:
If your mail was correctly sent, but was rejected because
it passed through a forwarding service, you can either
mail the final destination address directly (it should be
shown in the bounce message) or you ask the forwarder to
implement SRS. If neither of these suggestions is
practical, change your "-all" to "?all" until a more
comprehensive approach to sender authentication involving
cryptography solves the forwarding problem for good. For
more information on this problem, see pages 15-16 of the
SPF Whitepaper.
I tried to search around to find some information about SRS
with qmail-ldap, but I only found [2]this article and, first
looking, I do not like the approach.
I would like to check a couple of things:
a) Is there another approach to solve the problem?
If using SPF solve the problem, I prefer to use it,
instead of rewrite all my messages. Maybe add a
rewrite rule or something like that in the mails I
am forwarding?
b) If there is no other way to go and implement SRS is the
only way, somebody already did that? Could point me to
docs, scripts and/or references?
Thanks in advance, kind regards!
References:
2.http://wooledge.org/~greg/qmail-srs.html
- --
Felipe Augusto van de Wiel <felipe (AT) paranacidade (DOT) org.br>
Coordenadoria de Tecnologia da Io (CTI) - SEDU/PARANACIDADE
Phone: (+55 41 3350 3300)
PGP SIGNATURE
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
77sSRIXc5wfEd6nDYLjnwbM=
=8WSN
PGP SIGNATURENo.1 | | 930 bytes |
| 
Felipe Augusto van de Wiel schrieb:
Hi,
Recently, I start receiving bounce messages from some mails
that we forward for another domain complaining about SPF. I was
pointed to openspf.org [1]why page that shows me that:
qmail-ldap will not support SPF (as Claudio repeatedly said), because of
exactly these problems (forwarding does not work any more and some other
problems). SPF is broken by design (TM).
I am personally waiting for something like domainkeys (like it's
currently used by Yahoo), which uses an cryptographic approach. That
would be an much cleanear solution in my opinion. It seems that even the
SPF-people have realized that:
If neither of these suggestions is
practical, change your "-all" to "?all" until a more
comprehensive approach to sender authentication involving
cryptography solves the forwarding problem for good.
Philipp
QUESTION ON "Networking"
- Latest sa-stats from last week
- Generic NMEA GPS Receiver driver w/ PPSexpects PPS after NMEA data
- NBU 5.1 MP5
- PPP multilink synchronization
- Generic NMEA GPS Receiver driver w/ PPSexpects PPS after NMEA data
- spams regarding financing of residence and GeoCities
- Debugging Dropped Traffic
- Taking advantage of route-refresh
- Media Manager error 44
- Replication of LDAP extended operations
- Automatic redirection
- enabling syslog service in freeradius-1.1.1
- ippool
- dcef disabled on VIP 2-40 Slot !
- ctl_deliver or cyr_expire?
- readproctitle service errors: ...nied?setuidgid: fatal: unable to
- exim sometimes requeues messages after local_scan()
- This Version of Cisco IOS Software is not supportedonNPE300
- Latest sa-stats from last week
- Latest sa-stats from last week