The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Forwarding broken by SPF - need SRS to mend it

Discussion in 'E-mail Discussions' started by wemail, Feb 12, 2008.

  1. wemail

    wemail Well-Known Member

    Joined:
    Nov 28, 2006
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    GB
    cPanel Access Level:
    Root Administrator
    Sites prematurely imposing SPF compliance, e.g. waitrose.com, can cause a big nuisance by rejecting emails sent to them using forwarding.

    I have rDNS already, and have created an SPF record on my DNS, and so these have satisfied the basic SPF problem on our server. Emails sent from accounts on our server are getting through OK even if forwarded.

    Email sent from elsewhere which use forwarding via our server is still a problem, and isn't satisfied by SPF compliance.

    There appears to be consensus amongst lots of sites that the solution for servers which need to use forwarding, is to have Sender Rewriting Scheme (SRS) support in the MTA.

    Exim supports this as from v4.50 and we are using v4.63. However this "support" seems to be a bit of an exaggeration.

    I have found a lot of instructions on SRS and how to activate it in the Exim config, including:

    http://www.openspf.org/SRS
    http://www.libsrs2.org/overview.html

    I can't find an actual code and config patch, except in a file from Brazil, where I do not understand the comments, and I am not competent to write my own without spending a lot of time. It appears to be a minor addition, which must be in use at lots of Exim sites.

    Any pointers please?
     
    #1 wemail, Feb 12, 2008
    Last edited: Feb 23, 2008
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    One question to ask is why are you using e-mail forwarders?

    If you are just going to be checking your AOL address, then you should advertise your AOL address as your e-mail address. Does it look less professional? Probably, but its just a price you have to pay if you are only willing to check your AOL address.

    If you want to use your domain name based e-mails, then consider setting up real POP accounts and using an e-mail program, like Thunderbird, to check those mail accounts for messages. This way you don't run into an issue with the SPF records.
     
  3. wemail

    wemail Well-Known Member

    Joined:
    Nov 28, 2006
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    GB
    cPanel Access Level:
    Root Administrator
    This is organization policy. Forwarding is essential for several reasons and has been in use for years.

    Sorry, this isn't relevant to our problem.

    We cannot impose this on the users. I suggested it occasionally but users wish to stay with their service provider. If everybody would use the local addresses on our server with either the built-in webmail or a good client like Pegasus Mail, it would be easier. But they won't.

    So, we need to use SRS.
     
  4. internetfab

    internetfab Well-Known Member
    PartnerNOC

    Joined:
    Feb 20, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Gothenburg, Sweden
    cPanel Access Level:
    DataCenter Provider
    Has anyone looked into more deeply? Just got a case where this is happening
     
  5. AlexV.

    AlexV. Well-Known Member

    Joined:
    Jun 15, 2006
    Messages:
    212
    Likes Received:
    1
    Trophy Points:
    16
    wemail:

    I would be more than glad to take a look at the brazilian file. I know a thing or two about portuguese. :D

    We are working on getting SRS support on the Exim RPM.

    internetfab:

    Could you please contact me directly: alex@cpanel.net or open a support ticket (ATTN Alex). Would like to look into the forwarding/spf issue you are experiencing.

    Thank you.
     
  6. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    If you rewrite the headers - besides violating the RFC's - any email that you send that is spam - you are now the spammer as your server sent the spam message because you removed the "real" sender.
     
  7. wemail

    wemail Well-Known Member

    Joined:
    Nov 28, 2006
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    GB
    cPanel Access Level:
    Root Administrator
    SPF/SRS is documented on its own site.

    There is good news on availability in "SPF Implementation" thread.
     
Loading...

Share This Page