On Friday, May 18 at 03:49 PM, quoth Oliver Welter:
> Big trouble here - I have a customer that relays through my server.
> He relays using the address of his employer as sender and sends
> mails to other people at this employer. Their server has published
> SPF records and the Spam Wall blacklists me because I am trying to
> send mail that breaks the SPF rules.

And thus, the glory that is SPF rears its head. <sigh>
His employer has (in the SPF rules) forbidden your customer from doing
what he's doing. There's not a TON that you can do about that.

> Is there a trick to ensure that relaying people can use only local
> domains as sender address or at least to reject mails based on SPF?

Well... Sure. But it's a bit of work. Essentially, you need to write a
wrapper around qmail-queue (or, as Charles suggested, use
qmail-qfilter) to do the following:

    if RELAYCLIENT is set
        if any recipient is not in locals or virtualdomains
        (that isn't a perfect test, but it's reasonable)
            if the SPF rules of the sender forbid relaying
                reject
    ...otherwise...
    accept

OR you can implement SPF sender rewriting (aka SRS) on your system.
There's a howto here: http://wooledge.org/%7Egreg/qmail-srs.html
(though I can't vouch for its effectiveness).
~Kyle
--
Look, I can surely say by now that I've got the antibodies to
communism inside me. But when I think of consumer society, with all
its tragedies, I wonder which of the two systems is better.
-- Pope John Paul II, 1979
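
The decision logic sketched in the message above, as an added example that is not part of the original post and not code from qmail or qmail-qfilter. Assumptions: the function names, the spf_lookup callable (standing in for a DNS TXT query) and the sample record, addresses and IPs are constructed; only the ip4, ip6 and all SPF mechanisms are evaluated, and a wrapper would call decide() with the envelope bytes it read from fd 1 before handing the message to the real qmail-queue.

```python
import ipaddress

QUAL = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_envelope(raw):
    # qmail-queue envelope format: F<sender>NUL T<rcpt>NUL ... NUL
    fields = raw.split(b"\0")
    sender = fields[0][1:].decode("latin-1")
    rcpts = [f[1:].decode("latin-1") for f in fields[1:] if f.startswith(b"T")]
    return sender, rcpts

def spf_result(record, ip):
    # Narrow evaluator: ip4/ip6/all only; include, a, mx, redirect are skipped.
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:          # skip the "v=spf1" tag
        qualifier = "+"
        if term[0] in QUAL:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUAL[qualifier]
        if name.lower() in ("ip4", "ip6"):
            if addr in ipaddress.ip_network(arg, strict=False):
                return QUAL[qualifier]
    return "neutral"

def decide(envelope, relayclient_set, local_domains, our_ip, spf_lookup):
    # Returns a qmail-queue exit code: 0 = accept, 31 = permanent rejection.
    sender, rcpts = parse_envelope(envelope)
    if not relayclient_set:                  # RELAYCLIENT absent: not a relay client
        return 0
    domain_of = lambda a: a.rpartition("@")[2].lower()
    # Same imperfect test as in the message: recipient domain not handled here.
    remote = [r for r in rcpts if domain_of(r) not in local_domains]
    if remote:
        record = spf_lookup(domain_of(sender))
        # Receivers will judge the mail by *our* outbound IP, so test that.
        if record and spf_result(record, our_ip) == "fail":
            return 31
    return 0

# Constructed sample data (documentation address ranges and domains).
SPF_TXT = {"example.com": "v=spf1 ip4:192.0.2.0/24 -all"}
LOCALS = {"example.net"}
OUR_IP = "198.51.100.7"
ENVELOPE = b"Fbob@example.com\0Talice@example.com\0\0"
```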