= phenomenon =
Red Hat IT forwarded an issue to me today about a recipient of @fedoraproject.org having an issue with addresses from @redhat.com. The issue is that in forwarding email addresses we aren't rewriting headers so it looks like we are sending redhat.com addresses from a non Red Hat server. The suggested fix is to have procmail rewrite the envelope for these to say something like From noreply@fedoraproject.org so that SPF and similar filters can work.
I wanted to get some opinions on this.
http://www.openspf.org/FAQ/Forwarding
http://www.irbs.net/internet/postfix/0401/0970.html
= reason =
= recommendation =
The bounce is listed as:
Jun 14 00:08:23 bastion02 postfix/smtp[15158]: 6235B10F98C: to=philipp@redfish-solutions.com, orig_to=philipp@fedoraproject.org, relay=mail.redfish-solutions.com[66.232.79.143]:25, delay=7.1, delays=0.01/0/5.5/1.6, dsn=5.7.1, status=bounced (host mail.redfish-solutions.com[66.232.79.143] said: 554 5.7.1 Message rejected; scored too high on the Spam test. (in reply to end of DATA command))
This is the mail system at host bastion02.phx2.fedoraproject.org.
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can delete your own text from the attached returned message.
The mail system
philipp@redfish-solutions.com (expanded from philipp@fedoraproject.org): host mail.redfish-solutions.com[66.232.79.143] said: 554 5.7.1 Message rejected; scored too high on the Spam test. (in reply to end of DATA command)
Final-Recipient: rfc822; philipp@redfish-solutions.com
Original-Recipient: rfc822;philipp@fedoraproject.org
Action: failed
Status: 5.7.1
Remote-MTA: dns; mail.redfish-solutions.com
Diagnostic-Code: smtp; 554 5.7.1 Message rejected; scored too high on the Spam test.
Somebody reported this to me as well recently. The summary is that email forwarding breaks SPF and it needs to be handled either by doing what you said or by having the owners of the email aliases that do SPF to whitelist the forwarder.
I'd much prefer to have the people who verify SPF deal with forwarders appropriately as mentioned in the first paragraph of http://www.openspf.org/FAQ/Forwarding. Opinions on this?
Agreed.
Closing this for now then, would also be nice to get this as a FAQ item on the email aliases wiki page.
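The failure mode discussed in this ticket and both proposed remedies, as an added example that is not part of the original ticket: a simplified SPF evaluation (ip4, ip6 and all mechanisms only) run over constructed records. The domains, addresses, function names and the `trusted_forwarders` allowlist are assumptions for illustration.

```python
import ipaddress

# Constructed SPF records using documentation address ranges (not real DNS data).
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from, records=SPF_RECORDS):
    """Evaluate the envelope sender's SPF record (ip4, ip6 and all only)."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    terms = records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6") and ip in ipaddress.ip_network(value, strict=False):
            return QUALIFIERS[qualifier]
        # a, mx, include, redirect etc. are not modelled here
    return "neutral"


def receiver_verdict(client_ip, mail_from, trusted_forwarders=()):
    """Receiver-side decision; trusted_forwarders is a hypothetical allowlist."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in trusted_forwarders):
        return "skipped"
    return check_spf(client_ip, mail_from)


if __name__ == "__main__":
    fwd_ip = "198.51.100.25"  # constructed address of the forwarding host
    print("direct from sender:      ", receiver_verdict("192.0.2.10", "user@sender.example"))
    print("forwarded, envelope kept:", receiver_verdict(fwd_ip, "user@sender.example"))
    print("forwarded, rewritten:    ", receiver_verdict(fwd_ip, "noreply@forwarder.example"))
    print("forwarder allowlisted:   ",
          receiver_verdict(fwd_ip, "user@sender.example", ["198.51.100.0/24"]))
```

The second case is the one in this ticket: the forwarder's address is checked against the original sender's record and fails, while rewriting the envelope sender or allowlisting the forwarder at the receiver avoids the failure.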