1. Forum
  2. Usenet
  3. COMP.MAIL.SENDMAIL

  • What options do I have to safely (for spf) forward email to external se

    From None@21:1/5 to All on Sun Aug 6 16:48:16 2023
    What options do I have to safely (for spf) forward email to external
    server?I am not really updated with current possibilities and tools for forwarding. Mostly I just forward internally with the virtual user table
    which is sort of ok.

    gmail is still having the ~all so this would probably work fine:

    test@gmail.com -> test@me.com -> test@test.com

    However when a domain has an -all this forwarding will fail (if the
    test.com servers check the spf):

    test@example.com -> test@me.com -> test@test.com


    Is there an option for sendmail to forward replacing test@example.com
    with test@me.com? Or does I need to get some sort of milter to do this.
    What options do I have?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Sun Aug 6 19:52:38 2023
    Am 06.08.2023 um 16:48:16 Uhr schrieb None:

    What options do I have to safely (for spf) forward email to external
    server?I am not really updated with current possibilities and tools
    for forwarding. Mostly I just forward internally with the virtual
    user table which is sort of ok.

    gmail is still having the ~all so this would probably work fine:

    test@gmail.com -> test@me.com -> test@test.com

    However when a domain has an -all this forwarding will fail (if the
    test.com servers check the spf):

    test@example.com -> test@me.com -> test@test.com

    SPF checks the MAIL FROM: in the SMTP session.
    aliases will only rewrite RCPT TO, so it will result in an SPF fail.

    MAIL FROM: needs to be rewritten to a domain that includes your server
    in the SPF record.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From None@21:1/5 to All on Sun Aug 6 23:44:53 2023

    What options do I have to safely (for spf) forward email to external
    server?I am not really updated with current possibilities and tools
    for forwarding. Mostly I just forward internally with the virtual
    user table which is sort of ok.

    gmail is still having the ~all so this would probably work fine:

    test@gmail.com -> test@me.com -> test@test.com

    However when a domain has an -all this forwarding will fail (if the
    test.com servers check the spf):

    test@example.com -> test@me.com -> test@test.com

    SPF checks the MAIL FROM: in the SMTP session.
    aliases will only rewrite RCPT TO, so it will result in an SPF fail.

    MAIL FROM: needs to be rewritten to a domain that includes your server
    in the SPF record.


    Indeed, so how can I do this easiest? Maybe I have to also strip DKIM
    headers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to None on Mon Aug 7 01:52:14 2023
    None wrote:

    Is there an option for sendmail to forward replacing test@example.com
    with test@me.com?

    Address rewriting and rulesets are explained in doc/op/op.*
    It might be a bit complicated...

    You could also look for "SRS" - there are probably example
    rules available (check your favorite search engine).

    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to Marco Moock on Mon Aug 7 03:12:44 2023
    Marco Moock wrote:

    SPF checks the MAIL FROM: in the SMTP session.
    aliases will only rewrite RCPT TO, so it will result in an SPF fail.

    op.*:
    2.6.3. List owners
    ...
    List owners also cause the envelope sender
    address to be modified. The contents of the owner
    alias are used if they point to a single user, oth-
    erwise the name of the alias itself is used.

    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From None@21:1/5 to All on Mon Aug 7 11:56:31 2023

    Is there an option for sendmail to forward replacing test@example.com
    with test@me.com?

    Address rewriting and rulesets are explained in doc/op/op.*
    It might be a bit complicated...

    You could also look for "SRS" - there are probably example
    rules available (check your favorite search engine).


    Thanks! This SRS was indeed the perfect keyword to search for. I
    currently have this sort of setup. Where external email is received on a
    mx server that relays to local mail server for users to collect their
    email.

    email

    |
    |
    |
    V
    +------------+
    | MX |
    | |
    | accessmap |
    | |
    +------+-----+
    |
    |
    |
    +------+-----+
    | LOCAL |
    | |
    | virtuser |
    | |
    +------------+

    1. Ideally (I guess) I would like to have the MX servers check if the
    email needs local delivery or forwarded, and if it is externally
    forwarded, it should go through the srs milter on the mx servers to the external server. Or would this be impossible to do here? Maybe only the
    LOCAL would be able to forward the message?
    (I prefer to use sendmail, and not have lookups done by the milter in eg
    mysql)

    2. Do you know if the ‘reply to’ in mail clients still use the original email address, or will this be changed?

    [1]
    https://github.com/d--j/srs-milter

    [2]
    http://www.open-spf.org/SRS/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From None@21:1/5 to All on Wed Aug 9 12:43:19 2023
    Is there an option for sendmail to forward replacing test@example.com
    with test@me.com?

    Address rewriting and rulesets are explained in doc/op/op.*
    It might be a bit complicated...


    What is the recommended url of reading this online?

    https://www.sendmail.org/~ca/email/
    this has some older stuff.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Wed Aug 9 13:18:48 2023
    Am 09.08.2023 um 12:43:19 Uhr schrieb None:

    What is the recommended url of reading this online?

    ftp://ftp.sendmail.org/pub/sendmail/

    Search the tar.gz archive for your version, unpack it.

    IIRC there is no direct URL on this server that has the file contents
    for reading in the browser.

    There is a service on fossies.org that has these archives unpacked: https://fossies.org/linux/misc/sendmail.8.17.2.tar.gz/

    https://fossies.org/linux/sendmail/doc/op/op.me

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From None@21:1/5 to All on Wed Aug 9 22:42:40 2023
    There is a service on fossies.org that has these archives unpacked: https://fossies.org/linux/misc/sendmail.8.17.2.tar.gz/

    https://fossies.org/linux/sendmail/doc/op/op.me


    I can't open the .me can't open the .ps. This .me looks crappy online
    wtf is this not just in html

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to None on Thu Aug 10 01:41:41 2023
    None wrote:

    I can't open the .me can't open the .ps. This .me looks crappy online

    Why don't you use the documentation that comes with the
    source code distribution?

    (that will even include a Makefile to convert .me to
    other formats... - man nroff / man groff)

    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Thu Aug 10 08:40:58 2023
    Am 09.08.2023 schrieb None <hzcnjkx656@tormails.com>:

    I can't open the .me can't open the .ps.
    You can read the .ps with the Linux software gv.

    You can also use pdf2ps to convert it to pdf.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andreas S. Kerber@21:1/5 to None on Thu Aug 10 07:38:47 2023
    None <hzcnjkx656@tormails.com> wrote:
    I can't open the .me can't open the .ps. This .me looks crappy online
    wtf is this not just in html

    I converted 8.17.2 .ps file to html at this url: https://hilfe.idkom.de/sendmail/op.html

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)