#2220 SPF forwarding issues from Red Hat
Closed: Fixed None Opened 13 years ago by smooge.

= phenomenon =

Red Hat IT forwarded an issue to me today about a recipient of @fedoraproject.org having an issue with addresses from @redhat.com. The issue is that in forwarding email addresses we aren't rewriting headers so it looks like we are sending redhat.com addresses from a non Red Hat server. The suggested fix is to have procmail rewrite the envelope for these to say soemthing like From noreply@fedoraproject.org so that SPF and similar filters can work.

I wanted to get some opinions on this

http://www.openspf.org/FAQ/Forwarding
http://www.irbs.net/internet/postfix/0401/0970.html

= reason =

= recommendation =


The bounce is listed as:

Jun 14 00:08:23 bastion02 postfix/smtp[15158]: 6235B10F98C: to=philipp@redfish-solutions.com, orig_to=philipp@fedoraproject.org, relay=mail.redfish-solutions.com[66.232.79.143]:25, delay=7.1, delays=0.01/0/5.5/1.6, dsn=5.7.1, status=bounced (host mail.redfish-solutions.com[66.232.79.143] said: 554 5.7.1 Message rejected; scored too high on the Spam test. (in reply to end of DATA command))

The bounce is listed as:

Jun 14 00:08:23 bastion02 postfix/smtp[15158]: 6235B10F98C: to=philipp@redfish-solutions.com, orig_to=philipp@fedoraproject.org, relay=mail.redfish-solutions.com[66.232.79.143]:25, delay=7.1, delays=0.01/0/5.5/1.6, dsn=5.7.1, status=bounced (host mail.redfish-solutions.com[66.232.79.143] said: 554 5.7.1 Message rejected; scored too high on the Spam test. (in reply to end of DATA command))

This is the mail system at host bastion02.phx2.fedoraproject.org.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

              The mail system

philipp@redfish-solutions.com (expanded from philipp@fedoraproject.org):
host mail.redfish-solutions.com[66.232.79.143] said: 554 5.7.1 Message
rejected; scored too high on the Spam test. (in reply to end of DATA
command)

Final-Recipient: rfc822; philipp@redfish-solutions.com
Original-Recipient: rfc822;philipp@fedoraproject.org
Action: failed
Status: 5.7.1
Remote-MTA: dns; mail.redfish-solutions.com
Diagnostic-Code: smtp; 554 5.7.1 Message rejected; scored too high on the Spam
test.

Somebody reported this to me as well recently. The summary is that email forwarding breaks SPF and it needs to be handled either by doing what you said or by having the owners of the email aliases that do SPF to whitelist the forwarder.

I'd much prefer to have the people who verify SPF deal with forwarders appropriately as mentioned in the first paragraph of http://www.openspf.org/FAQ/Forwarding. Opinions on this?

Closing this for now then, would also be nice to get this as a FAQ item on the email aliases wiki page.

Login to comment on this ticket.

Metadata