I disagree with many of your points.

>> The error in the configuration 
>> is, that someone can send a message claiming to be from your local 
>> domain without authentication through your server.
>>     

> message comes back from a mailing list, Gmail sees the same Message-Id
> and discards "a duplicate", members get annoyed.
>   
Message-ID Dupe detection has nothing to do with the addressing of a 
message.

> Besides, the easiest and most convenient way to test for some mail problem
> is to send a letter to one's own external forwarder which relays the letter
> back to the owner of the forwarder. Forwarders on free mail services
> usually don't alter envelope-from. Some listservers too.
>   
IMHO, an automated message which is sent with anything other than a 
NULL-sender is a buggy setup. And if a mail service, which has a 
forwarder option, sends the mail with an unaltered envelope-sender, I 
don't think it's the best thing to do. I've no problem if they leave the 
header lines with From:/To:/Reply-To: intact, but I opt for changing the 
envelope-from to the address of the free mail account, as the mail does 
not originate from the original sender but from the forwarding account.

If a list server aka mailing list sends on messages submitted to it 
without altering the envelope-from it is broken. Or do you like to get 
every bounce message back to your mail account because some of the 
member addresses have a problem? I don't!

> Mail clients in some mobile phones have an option "copy to self"
> (Bcc to the same address as in From). I use it. Some mobile operators
> (mine included) closed port 25 and require to send through their relay.
> Some mail clients in mobile phones may lack an option to send
> to port other than 25 with authentication.
>   
I've got a service for my mobile which uses the correct envelope-from of 
this account, which basically is the mobile number @domain.com, and has 
the chosen address in the From: header line.

> So, rejecting every message from your domain without authentication
> is a bad idea. But in practice usual antispam means (in rcpt ACL)
> fend off spam claiming to be from yourself as well as other kinds of spam.
>   
I haven't had a problem with that for years, and don't have any complaints 
from my users, both from the commercial side as well as the private users.

I think the question here comes down to what the meaning of the 
envelope-from is. I see this as the address, which obviously must be 
reachable by mail, and which is the originating account of the message. 
The originating account of a message is on that domain, where the 
message gets addressed.
E.g. if you send a message from abc.com to def.com, the envelope-sender 
has to be abc.com. If the user at def.com decides to forward the address 
to xyz.com, this creates a new message with new addressing elements, 
originating at domain def.com and therefore should have def.com as 
envelope-sender. You can leave abc.com in the From:-header of the 
message, no problem with that. The servers for domain def.com don't have 
any authority over abc.com, so they should not use that abc.com domain in 
the technical addressing, meaning envelope.

BTW: The whole forwarding stuff fails anyway, as soon as you introduce 
strict SPF and other similar techniques, if def.com starts sending 
abc.com messages. So if you favour the forwarding without changing 
envelope-from, don't use any of these techniques either, they are not 
compatible by design.

But I think this is a case of opinions, which we don't seem to share.

And I know that a lot of services in the wild don't play nice.

Oliver


-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
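
The SPF point made in the message above, as an added example that is not part of the original post: a simplified SPF evaluator (only `ip4`/`ip6`/`all` mechanisms, no DNS lookups) run against a forward with an unaltered and with a rewritten envelope-from. The `.example` domains stand in for abc.com and def.com from the message; the SPF records, mailbox names and IP addresses are constructed.

```python
import ipaddress

# Constructed SPF records (documentation domains and addresses, not real DNS data).
SPF_RECORDS = {
    "abc.example": "v=spf1 ip4:192.0.2.0/24 -all",     # strict policy of the original sender
    "def.example": "v=spf1 ip4:198.51.100.0/24 -all",  # strict policy of the forwarding domain
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(client_ip, envelope_from):
    """Check the connecting IP against the SPF record of the envelope-from domain.

    Simplified subset of RFC 7208: ip4, ip6 and all only.
    """
    domain = envelope_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULTS[qualifier]
        name, _, value = mech.partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"


def forward_scenarios():
    """What the final receiver sees in each of the three delivery paths."""
    forwarder_ip = "198.51.100.25"  # def.example's outbound host (constructed)
    return {
        # abc.example delivers directly from its own host.
        "direct": spf_check("192.0.2.10", "alice@abc.example"),
        # def.example forwards and keeps abc.example in the envelope-from.
        "forward_unaltered": spf_check(forwarder_ip, "alice@abc.example"),
        # def.example forwards and rewrites the envelope-from to its own account.
        "forward_rewritten": spf_check(forwarder_ip, "bob@def.example"),
    }


if __name__ == "__main__":
    for name, result in forward_scenarios().items():
        print(f"{name:18} {result}")
```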
