Re: [swinog] Broken SPF Check implementation in Microsoft Exchange Forefront?
Hi Benoit, On Mon, Dec 02, 2013 at 16:54:59 +0100, Benoit Panizzon wrote: > Today, I discovered, that emails whose envelope sender matched the DNS SPF > record, but whose From: Header did not (like after the envelope sender has > being rewritten by SRS) were rejected by a hosted exchange server provider. Could it be that a DMARC policy is defined for the domain in the From: header? With DMARC the From: header is checked too. Cheers David ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Broken SPF Check implementation in Microsoft Exchange Forefront?
On Mon, Dec 02, 2013 at 05:20:25PM +0100, Klaus Ethgen wrote: > I had one of this issue in Univerity too. same in the cantonal mail server ne.ch. customer had to hack a pipe to a procmail to change the enveloppe so that a simple mail reflector works. ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Broken SPF Check implementation in Microsoft Exchange Forefront?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Mo den 2. Dez 2013 um 16:54 schrieb Benoit Panizzon: > Today, I discovered, that emails whose envelope sender matched the DNS SPF > record, but whose From: Header did not (like after the envelope sender has > being rewritten by SRS) were rejected by a hosted exchange server provider. > > I got in contact with that admin and he told me that this was the way the SPF > check works in the Microsoft Exchange Forefront Server. > > Well, according to the RFC 4408 only HELO or MAIL FROM are being considered > for SPF. Not the From: header. > Is there anyone out there who can confirm, that Microsoft Exchange Forefront > Server realy has such a broken SPF implementation. Or did the exchange admin > just misconfigure his server? Yes, this is a common fact that microsoft does this wrong. Unfortunately the responsible "admins" are even worse and try to tell you that "this is from microsoft, that is a correct behaviour". You always have to work around this. I had one of this issue in Univerity too. Regards Klaus Ethgen - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) iQGcBAEBCgAGBQJSnLNHAAoJEKZ8CrGAGfasoFML/3sP8hb+6abrOtKMVM2PuBUu kGVhAG2pxIbA8nWWbVxcDmF92egdnU9Pzasrd93n/sNHqRL+eq1BP/BpXfSI40oB R2miR5gnVHa93+ddy1GsNoJXAahzM4IUakAfMK3JSMsPATngGPRy5tAmUm8jQ4jY w5rMgpIJK8gVd66/pImxKxacRpQiOGZ9u8c7C37JahS7CgZjyQwls8etJ78JsBPe ll365kHPVAxpIxqXLOoqgIKTYyz6SwNxrzDbrhqDEDLz5JfSACk9NqYwrw99DtH+ UwL1LCfSsam5HI0YtJ6J69HelYe7IgmA+tMBRiMPPtvQxdYWa0xvcoHV/W7EGDZj /RZq6eZahgKVHl0MZDFKHPAEtTGGUemeGKcAZDTGVCe5CQjuW+QVV4iMW/SJVPm+ g28VMaBH3Z92ubXx2RDLG5Zklx2BrMjzF8WUJ45jhZ2+SdNgBdQoQII18Jq7M1uV jRhTfRG4bJramJeFqZO+dsZWNVLOhpw0ViUrJGxsmQ== =0cYh -END PGP SIGNATURE- ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Broken SPF Check implementation in Microsoft Exchange Forefront?
Hellou Today, I discovered, that emails whose envelope sender matched the DNS SPF record, but whose From: Header did not (like after the envelope sender has being rewritten by SRS) were rejected by a hosted exchange server provider. I got in contact with that admin and he told me that this was the way the SPF check works in the Microsoft Exchange Forefront Server. Well, according to the RFC 4408 only HELO or MAIL FROM are being considered for SPF. Not the From: header. Is there anyone out there who can confirm, that Microsoft Exchange Forefront Server realy has such a broken SPF implementation. Or did the exchange admin just misconfigure his server? Mit freundlichen GrĂ¼ssen Benoit Panizzon -- I m p r o W a r e A G- __ Zurlindenstrasse 29 Tel +41 61 826 93 07 CH-4133 PrattelnFax +41 61 826 93 02 Schweiz Web http://www.imp.ch __ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] SwiNOG-BE127 - Postponed
Dear All The SwiNOG-BE 127 has been postponed to next week. More details to follow... -- SwiNOG Organisation Roman Hochuli Board Member ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
