how to set up proper forwarder

Post by Alexey Koptsevich
Hello,
I am trying to figure out how to forward mail properly.
As far as I understand, none of alternatives
(~/.forward, virtual(5), SRS, procmail recipe)
1) ~/.forward breaks possible SPF policy of the sender,
and if I am not mistaken, specifying forwarding in
virtual(5) gives essentially the same result
2) As far as I understand, SRS is not really supported by
postfix and will not be supported anytime soon
3) Forwarding via procmail seems to work, but what happens
if the destination address ceases to exist? Mail gets
bounced from there, but the bounce message should be
delivered to the same nonexisting address, so delivery
attempts repeat every few seconds. Does not seem to be a
good solution.

Forward as usual via virtual(5) or .forward (not procmail which causes
mail loops) and don't worry about the SPF users.
--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:***@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Alexey Koptsevich

2006-01-06 17:47:08 UTC

If my user forwards his mail somewhere and it happens that
a) somebody sends him a message from the domain with SPF record,
b) the final destination filters mail based on SPF,
then it might be that mail for _my_ user will be dropped.
My question was not whether SPF is right or wrong, but how
can I set up things that mail will be reliably delivered
without controlling where my users forward mail and explaining
tem what is SPF and how it works.

I saw a procmail-based vacation program, I imagine it would be
possible to create a loop detection based on its priciple. Say,
message IDs for the last 10 min are stored in a database, and
if a message with such ID passed through procmail more than 20
times in 10 min it gets bounced. Maybe somebody already did
something like that or have better idea how to deal with the
situation rather than ignore it?

Thanks,
Alex

Forward as usual via virtual(5) or .forward (not procmail which causes
mail loops) and don't worry about the SPF users.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Victor Duchovni

2006-01-06 17:51:36 UTC

Post by Alexey Koptsevich
If my user forwards his mail somewhere and it happens that
a) somebody sends him a message from the domain with SPF record,
b) the final destination filters mail based on SPF,
then it might be that mail for _my_ user will be dropped.
My question was not whether SPF is right or wrong, but how
can I set up things that mail will be reliably delivered
without controlling where my users forward mail and explaining
tem what is SPF and how it works.

This is not your problem. The receiving site and SPF publishing site
have elected to not support mail forwarding. The user who wants his mail
forward should switch to a provider that does not reject mail based on
SPF records.

Post by Alexey Koptsevich
I saw a procmail-based vacation program, I imagine it would be
possible to create a loop detection based on its priciple. Say,
message IDs for the last 10 min are stored in a database, and
if a message with such ID passed through procmail more than 20
times in 10 min it gets bounced.

The loops often involve new messages (bounces of bounces of bounces ...)
--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:***@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Gary V

2006-01-06 18:08:06 UTC

The loops often involve new messages (bounces of bounces of bounces ...)
--
Viktor.

Is this pertinent?
http://www.openspf.org/faq.html#forwarding

Gary V

_________________________________________________________________
Dont just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

Alexey Koptsevich

2006-01-06 21:37:52 UTC

Yes it is, thanks! But the bounce will be delivered locally
on the forwarder. Effectively, it will disappear for both sender
and recipient.

I guess there is no easy way to extract the original Return-Path
from the bounce message?

Thanks,
Alex

Post by Gary V

The loops often involve new messages (bounces of bounces of bounces ...)
--
Viktor.

Is this pertinent?
http://www.openspf.org/faq.html#forwarding
Gary V
_________________________________________________________________
Dont just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

Alexey Koptsevich

2006-01-06 21:39:43 UTC

This is not your problem. The receiving site and SPF publishing site
have elected to not support mail forwarding. The user who wants his mail

What do you mean by "site"? There are two completely separate entities
here -- site admins/owners and site users. The first one indeed elected
to do something, but I am talking about the second one.

Post by Victor Duchovni
forward should switch to a provider that does not reject mail based on
SPF records.

It is easy to switch between free email providers, but if your email
provider is your employer? Most people do not have much control over
their employers.

The loops often involve new messages (bounces of bounces of bounces ...)

This is sad...

Thanks,
Alex

Harvey Smith

2006-01-06 21:54:25 UTC

This is not your problem. The receiving site and SPF publishing site
have elected to not support mail forwarding. The user who wants his mail

What do you mean by "site"? There are two completely separate entities
here -- site admins/owners and site users. The first one indeed elected
to do something, but I am talking about the second one.

Post by Victor Duchovni
forward should switch to a provider that does not reject mail based on
SPF records.

It is easy to switch between free email providers, but if your email
provider is your employer? Most people do not have much control over
their employers.

Well then that employer is saying "we don't accept forwarded email" by
virtue of the fact that they are using SPF. So the users/emplotess
should just arraange to have their email sent directly to them.
--
Harvey

The loops often involve new messages (bounces of bounces of bounces ...)

This is sad...
Thanks,
Alex

Jorey Bump

2006-01-06 22:53:03 UTC

Post by Victor Duchovni
This is not your problem. The receiving site and SPF publishing site
have elected to not support mail forwarding. The user who wants his mail

What do you mean by "site"? There are two completely separate entities
here -- site admins/owners and site users. The first one indeed elected
to do something, but I am talking about the second one.

In that case there are three entities:

1. The site that publishes the SPF record.

2. The site that rejects based on SPF.

3. The user that forwards mail to the site that rejects based on SPF.

I'll agree that it may create a problem for you, but it's not one you
can fix without violating someone else's policy, so don't even try. Tell
the user you will no longer forward to the offending address.

Keep in mind that SPF doesn't merely break forwarding, but that
forwarding violates SPF. They are mutually exclusive.

[Note that the topic of SPF is banned on this list except as it relates
to technical matters concerning Postfix administration. It looks like
we're nudging up to the boundary, so I'll stop here.]

Alexey Koptsevich

2006-01-06 22:52:35 UTC

Post by Harvey Smith

This is not your problem. The receiving site and SPF publishing site
have elected to not support mail forwarding. The user who wants his

mail
What do you mean by "site"? There are two completely separate entities
here -- site admins/owners and site users. The first one indeed elected
to do something, but I am talking about the second one.

Post by Victor Duchovni
forward should switch to a provider that does not reject mail based on
SPF records.

It is easy to switch between free email providers, but if your email
provider is your employer? Most people do not have much control over
their employers.

Well, then users should know what is SPF and that their provider indeed
uses it and that it does not work with forwarding etc etc etc etc
Enlightening mail admins may be a solution, but enlightening users
is definitely not.

I think the solution could be to forward via procmail using
recipe from http://www.openspf.org/faq.html#forwarding
If bounce occurs, its attachments should be scanned for the
presence of this header and the bounce should be redirected to the
original sender extracted from this attachment.

Two questions here:

1) Is it a requirement that the original message is always attached
to the bounce message, or I cannot count on it?

2) Are there drawbacks in this approach?

Thanks,
Alex

Harvey Smith

2006-01-06 23:14:32 UTC