Issues with SPF and forwarding on a mailbox.

Discussion in 'General' started by djtremors, Oct 6, 2006.

  1. djtremors

    djtremors ISPConfig Developer ISPConfig Developer

    Hey all. had a funny issue which i am still yet to figure out a solution to.

    I have an external domain which has SPF records and my own external server which uses SPF as well and what I have is an ISPC server which is using forwarding to forward mails to my SPF enabled server.

    My server is dropping the sending users emails because it is forwarded via the ISPC machine which isn't in the SPF records.

    I need to make it allow it as a normal forward (change the from) somehow and i can't just add the ISPC server to the senders SPF records because it can happen on any sender using SPF.

    ISPC server forwarding emails
    +---------------------------------my SPF enabled Server
    |
    |
    |
    Sender SPF server

    any ideas?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig uses a procmail recipe in the users home directory for forwarding. Maybe you can chenge the from line there.
     
  3. djtremors

    djtremors ISPConfig Developer ISPConfig Developer

    well the problem is that it's acting like a relay more than a forward so the email is kept 100% intacted which i love but causes mail to be rejected due to SPF rules.

    Is there a way I can emulate (using procmail rules) doing a normal forward? I suppose the From must be changed to make this work properly.
     
  4. falko

    falko Super Moderator ISPConfig Developer

    You can try to forward your emails using /etc/aliases (don't forget to run
    Code:
    newaliases
    after you've changed the file).
    If you want to use procmail recipes, you must switch off forwarding in ISPConfig, and then in the .procmailrc file in the user's homedir you must add your forwarding recipe. Please note: the recipe will be lost whenever you make changes to that account in ISPConfig!
     
  5. djtremors

    djtremors ISPConfig Developer ISPConfig Developer

    Hmm, doesn't look like a straight forward/easy fix as I would have to make changes to all domains who forward making administration a nightmare.

    Might be an idea to allow procmail filters in the way that http has httpinclude options so we can put in our own rules. Maybe put in the advanced section of the users emails.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    If you change the mstaer template of the forwarding procmail recipe (in /root/ispconfig/conf), you dont have to include individual procmail recipes in the .procmailrc file.

    Thats a good idea.
     
  7. falko

    falko Super Moderator ISPConfig Developer

    I've been breaking my head about how to do it at least for a year now... :(
     

Share This Page