1. Forum
  2. Usenet
  3. COMP.MAIL.SENDMAIL

  • Forwarding problem with aliases

    From Knute Johnson@21:1/5 to All on Wed Sep 4 14:09:01 2024
    I've got a sendmail server running that needs to forward a couple of
    addresses to other destinations. I've set these up in aliases. Most of
    these work but one recipient has an earthlink account and it rejects the forwarded message if the sender is not local to the sendmail server.
    The error message in the returned mail says "The sender's address is
    rejected for policy reasons." Kind of cryptic. The end user
    whitelisted the server's domain but I don't think that is where the
    issue is. I think it is because the sender could be from anywhere and
    that doesn't match the domain of our sendmail server. But that is just
    a guess. If I send mail from an account on the server to the one of the forwarding aliases, it forwards to the earthlink account just fine.

    Anybody know anything about earthlink? Any other ideas?

    Thanks,


    --

    Knute Johnson

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Thu Sep 5 23:10:27 2024
    On 04.09.2024 um 14:09 Uhr Knute Johnson wrote:

    I've got a sendmail server running that needs to forward a couple of addresses to other destinations. I've set these up in aliases. Most
    of these work but one recipient has an earthlink account and it
    rejects the forwarded message if the sender is not local to the
    sendmail server. The error message in the returned mail says "The
    sender's address is rejected for policy reasons." Kind of cryptic.
    The end user whitelisted the server's domain but I don't think that
    is where the issue is. I think it is because the sender could be
    from anywhere and that doesn't match the domain of our sendmail
    server. But that is just a guess. If I send mail from an account on
    the server to the one of the forwarding aliases, it forwards to the
    earthlink account just fine.

    If you forward messages, SPF will break. Many sites reject such
    messages.
    If you now rewrite the MAIL FROM, SPF will be fine but DMARC will fail
    if a reject policy is set.

    You may need to think about implementing ARC with a Milter.

    --
    kind regards
    Marco

    Send spam to [email protected]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Knute Johnson@21:1/5 to Marco Moock on Thu Sep 5 17:22:29 2024
    On 9/5/24 16:10, Marco Moock wrote:
    On 04.09.2024 um 14:09 Uhr Knute Johnson wrote:

    I've got a sendmail server running that needs to forward a couple of
    addresses to other destinations. I've set these up in aliases. Most
    of these work but one recipient has an earthlink account and it
    rejects the forwarded message if the sender is not local to the
    sendmail server. The error message in the returned mail says "The
    sender's address is rejected for policy reasons." Kind of cryptic.
    The end user whitelisted the server's domain but I don't think that
    is where the issue is. I think it is because the sender could be
    from anywhere and that doesn't match the domain of our sendmail
    server. But that is just a guess. If I send mail from an account on
    the server to the one of the forwarding aliases, it forwards to the
    earthlink account just fine.

    If you forward messages, SPF will break. Many sites reject such
    messages.
    If you now rewrite the MAIL FROM, SPF will be fine but DMARC will fail
    if a reject policy is set.

    You may need to think about implementing ARC with a Milter.


    Thanks for that. What is ARC?

    --

    Knute Johnson

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Fri Sep 6 10:59:05 2024
    On 05.09.2024 um 17:22 Uhr Knute Johnson wrote:

    On 9/5/24 16:10, Marco Moock wrote:
    On 04.09.2024 um 14:09 Uhr Knute Johnson wrote:

    I've got a sendmail server running that needs to forward a couple
    of addresses to other destinations. I've set these up in aliases.
    Most of these work but one recipient has an earthlink account and
    it rejects the forwarded message if the sender is not local to the
    sendmail server. The error message in the returned mail says "The
    sender's address is rejected for policy reasons." Kind of cryptic.
    The end user whitelisted the server's domain but I don't think that
    is where the issue is. I think it is because the sender could be
    from anywhere and that doesn't match the domain of our sendmail
    server. But that is just a guess. If I send mail from an account
    on the server to the one of the forwarding aliases, it forwards to
    the earthlink account just fine.

    If you forward messages, SPF will break. Many sites reject such
    messages.
    If you now rewrite the MAIL FROM, SPF will be fine but DMARC will
    fail if a reject policy is set.

    You may need to think about implementing ARC with a Milter.


    Thanks for that. What is ARC?

    https://en.wikipedia.org/wiki/Authenticated_Received_Chain

    It is a experimental standard that is pushed by the big companies.
    It will also help them because they trust big ones, but I dunno how ARC
    will be handled that comes from small sites. I assume this will be the
    next bullying mechanism.

    SPF breaks forwarders, by design.

    DMARC is a policy how to handle stuff that doesn't pass DKIM/SPF and
    regulates alignment. Some big companies made SPF and DMARC mandatory
    which will make forwarders and mailing lists a PITA.

    TLDR: In times of SPF and DMARC, forwarding doesn't work like before.
    My recommendation: Avoid it whenever possible.

    --
    kind regards
    Marco

    Send spam to [email protected]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to Knute Johnson on Fri Sep 6 06:13:12 2024
    Knute Johnson wrote:
    I've got a sendmail server running that needs to forward a couple of addresses to other destinations. I've set these up in aliases. Most of these work but one recipient has an earthlink account and it rejects the forwarded message if the sender is not local to the sendmail server.

    As the recipient to get a different mail provider?

    Anyway, take a look at op.*:

    2.6.3. List owners
    ....
    List owners also cause the envelope sender ad-
    dress to be modified.

    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Knute Johnson@21:1/5 to Marco Moock on Fri Sep 6 08:24:39 2024
    On 9/6/24 03:59, Marco Moock wrote:
    On 05.09.2024 um 17:22 Uhr Knute Johnson wrote:

    On 9/5/24 16:10, Marco Moock wrote:
    On 04.09.2024 um 14:09 Uhr Knute Johnson wrote:

    I've got a sendmail server running that needs to forward a couple
    of addresses to other destinations. I've set these up in aliases.
    Most of these work but one recipient has an earthlink account and
    it rejects the forwarded message if the sender is not local to the
    sendmail server. The error message in the returned mail says "The
    sender's address is rejected for policy reasons." Kind of cryptic.
    The end user whitelisted the server's domain but I don't think that
    is where the issue is. I think it is because the sender could be
    from anywhere and that doesn't match the domain of our sendmail
    server. But that is just a guess. If I send mail from an account
    on the server to the one of the forwarding aliases, it forwards to
    the earthlink account just fine.

    If you forward messages, SPF will break. Many sites reject such
    messages.
    If you now rewrite the MAIL FROM, SPF will be fine but DMARC will
    fail if a reject policy is set.

    You may need to think about implementing ARC with a Milter.


    Thanks for that. What is ARC?

    https://en.wikipedia.org/wiki/Authenticated_Received_Chain

    It is a experimental standard that is pushed by the big companies.
    It will also help them because they trust big ones, but I dunno how ARC
    will be handled that comes from small sites. I assume this will be the
    next bullying mechanism.

    SPF breaks forwarders, by design.

    DMARC is a policy how to handle stuff that doesn't pass DKIM/SPF and regulates alignment. Some big companies made SPF and DMARC mandatory
    which will make forwarders and mailing lists a PITA.

    TLDR: In times of SPF and DMARC, forwarding doesn't work like before.
    My recommendation: Avoid it whenever possible.


    Thanks Marco.

    --

    Knute Johnson

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Knute Johnson@21:1/5 to All on Fri Sep 6 08:26:30 2024
    On 9/6/24 05:13, Claus Aßmann wrote:
    Knute Johnson wrote:
    I've got a sendmail server running that needs to forward a couple of
    addresses to other destinations. I've set these up in aliases. Most of
    these work but one recipient has an earthlink account and it rejects the
    forwarded message if the sender is not local to the sendmail server.

    As the recipient to get a different mail provider?

    Anyway, take a look at op.*:

    2.6.3. List owners
    ....
    List owners also cause the envelope sender ad-
    dress to be modified.


    That's been the solution so far.

    Thanks I'll check out 2.6.3.

    --

    Knute Johnson

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to Marco Moock on Sat Oct 26 11:32:47 2024
    On 9/6/24 03:59, Marco Moock wrote:
    It is a experimental standard that is pushed by the big companies.
    It will also help them because they trust big ones, but I dunno how
    ARC will be handled that comes from small sites. I assume this will
    be the next bullying mechanism.

    IMHO ARC had a priming problem. It's neigh impossible to get others to
    trust you or your ARC signature. So if not enough people are benefiting
    from it, fewer people are inclined to start using it.

    SPF breaks forwarders, by design.

    IMHO, as it should.

    DMARC is a policy how to handle stuff that doesn't pass DKIM/SPF and regulates alignment. Some big companies made SPF and DMARC mandatory
    which will make forwarders and mailing lists a PITA.

    I disagree.

    TLDR: In times of SPF and DMARC, forwarding doesn't work like before.
    My recommendation: Avoid it whenever possible.

    I've found that Sender Rewrite Scheme (SRS) has been remarkably
    effective when forwarding to Gmail.

    SRS is also perfectly compatible with mailing lists. Though admittedly
    I'd hope that contemporary mailing list managers were using VERP to be
    able to correlate bounces with subscriber addresses. Bonus points if
    they also use SMTP's RCPT verb's optional ORCPT parameter.



    --
    Grant. . . .

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Sat Oct 26 21:31:55 2024
    On 26.10.2024 um 11:32 Uhr Grant Taylor wrote:

    IMHO ARC had a priming problem. It's neigh impossible to get others
    to trust you or your ARC signature. So if not enough people are
    benefiting from it, fewer people are inclined to start using it.

    ARC will most likely result in that the big players will only accept
    ARC from other big players, small and medium-sized mail operators will
    likely be treated as untrusted.

    --
    kind regards
    Marco

    Send spam to [email protected]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From John Levine@21:1/5 to All on Sat Oct 26 22:29:54 2024
    According to Marco Moock <[email protected]>:
    ARC will most likely result in that the big players will only accept
    ARC from other big players, ...

    Could you explain what evidence you have for this?

    I talk to people at large mail providers and I can say with great
    confidence that they barely pay any attention to ARC and are likely
    to pay even less attention in the future.

    --
    Regards,
    John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies",
    Please consider the environment before reading this e-mail. https://jl.ly

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to Marco Moock on Sat Oct 26 19:47:47 2024
    On 10/26/24 14:31, Marco Moock wrote:
    ARC will most likely result in that the big players will only accept
    ARC from other big players, small and medium-sized mail operators
    will likely be treated as untrusted.

    I believe that the -- what is oft' referred to as -- Good ol' Boy's club
    is the best outcome for ARC.

    N.B. what's good for ARC isn't necessarily what's good for us.



    --
    Grant. . . .

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Sun Oct 27 09:30:41 2024
    On 26.10.2024 um 22:29 Uhr John Levine wrote:

    According to Marco Moock <[email protected]>:
    ARC will most likely result in that the big players will only accept
    ARC from other big players, ...

    Could you explain what evidence you have for this?

    It is what they have done in the past and I assume this will happen in
    the future. MS, Google etc. have an interest in getting more users. One
    way to do that is to make incoming mail from small parties a nightmare.

    --
    kind regards
    Marco

    Send spam to [email protected]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From HQuest@21:1/5 to All on Sun Oct 27 22:44:15 2024
    ARC will most likely result in that the big players will only accept
    ARC from other big players, ...

    Could you explain what evidence you have for this?

    It is what they have done in the past and I assume this will happen in
    the future. MS, Google etc. have an interest in getting more users. One
    way to do that is to make incoming mail from small parties a nightmare.

    You suggesting RFC8617[1] will be solely ignored and/or never moved off
    the "Experimental" status by the Ye Ol'e Big Boys Club?

    [1] https://www.rfc-editor.org/rfc/rfc8617.html

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)