I have noticed this aswell, when badly configured forwarding servers don't
forward their mails correctly.
For example, take a example that:
someu...@somecorporation.com
is forwarded to
some.u...@somefreewebmail.com
You send a mail to someu...@somecorporation.com
Later on, you get a DSN (because SPF validated from somecorporation.com's
point of view) that the "somefreewebmail.com" server rejected the mail due
to a SPF failure.
This is because some people don't know how to propely configure their
forwarding mail servers.
If you are going to forward a mail to a end-user specified server, you ought
to either:
Rewrite the original sender to match the mail its originally sent to, so the
mail appear as sent by "someu...@somecorporation.com", eg
A mail from "u...@example.org" to "someu...@somecorporation.com" is
forwarded as from "someu...@somecorporation.com" to
"some.u...@somefreewebmail.com"
This is not RFC compatible, and to avoid being catched in spam filters, you
also have to change the From: header in the same way.
For the receiver to correctly identify the sender and be able to reply, you
would have to include the sender email adress in the body or subject.
The reply button in this scenario then gets broken, so a replyer has to
reply manually.
Another way, that is the preferred RFC way to do it, is to encapsulate the
mail in a new message/rfc822 container, and adding Fwd: to the original
subject of the outside container.
(This is how most mail clients "forward" a message)
To reply to a message, you would have to reply to the "inner" message.
So a mail like:
From: u...@example.org
To: someu...@somecorporation.com
Subject: test
Content-Type: text/plain
Is forwarded as:
From: someu...@somecorporation.com
To: some.u...@somefreewebmail.com
Subject: Fwd: test
Content-Type: message/rfc822
From: u...@example.org
To: someu...@somecorporation.com
Subject: test
Content-Type: text/plain
Same I have noticed with web forms that are badly configured to "spoof" the
sender entered in web form, rather than sending from a "static" adress and
then displaying the original sender in the subject or body of message.
I don't know if theres a possibility to encapsulate a message in a new
message/rfc822 container in postfix, but anyways it should be possible to do
with a milter, if you want to set up a forwarding postfix server.
-Ursprungligt meddelande-
Från: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] För li...@lazygranch.com
Skickat: den 14 april 2016 03:11
Till: postfix-users@postfix.org
Ämne: Re: Special method required for Gmail dkim/spf verification
On Wed, 13 Apr 2016 17:08:57 -0700
li...@lazygranch.com wrote:
> Yesterday's Google report had me passing. Could be related to adding
> the Google term to DNS.
>
Hold the presses here. It turns out my domain was spoofed in the report that
failed. The IP address used isn't mine. In the passing report, it was my IP
address, which makes sense since my SPF and DKIM are fine.
The offending IP address comes back to UC Berkeley. If I ever get an
official answer regarding the event, I will do a follow up.
Needless to say, I think the DMARC quarantine is a good idea.
smime.p7s
Description: S/MIME Cryptographic Signature
