SPF issue with autoforward email

Use this forum if you want to suggest a new feature to hMailServer. Before posting, please search the forum to confirm that it has not already been suggested.

Do you need this feature

Yes
8
80%
No
2
20%
 
Total votes: 10

Belos
New user
New user
Posts: 2
Joined: 2007-09-17 16:42

SPF issue with autoforward email

Postby Belos » 2010-04-22 11:51

Issue:

Automatic forwarding of emails with the "enable forwarding" option may not work completely.
Some domains have SPF records and ff the recipient of the forwarding checks SPF, emails forwarded will be denied since they come from the IP of the hmail server and not from the original sender IP.

Therefore an option allowing the mail to be sent from the hmail account (like you would do manually) should be available, or as an attachement in a MSG or EML format

Jérôme.


Edit: Poll added Slug

Bill48105
Developer
Developer
Posts: 6171
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: SPF issue with autoforward email

Postby Bill48105 » 2010-04-24 23:42

Howdy,
I'm no RFC expert by any means so not sure if the topic is covered or not but IMO email that comes in from the outside & is forwarded automatically by the server should not have the original sender's email address in tact as far as the SMTP conversation is concerned. Here's why:
1. As you pointed out, with SPF & other anti-spam tests done it will likely get rejected and bounce.
2. Really bad thing is the bounce goes to the original sender who has no idea your box is being forwarded. Causes confusion & likely considered a privacy/security leak of info since they now know the address you're forwarding to.
3. Your server can easily be blacklisted for appearing to spoof the original sender.

Because of these reasons (and possibly others I've missed) I'd agree for hMailServer to have an option to change the SMTP 'From' address (not changing the From in the headers as shown in meail but the address used in the SMTP conversation) that is used. Ideally would be configurable as:
Rewrite forward sender as:
( ) Leave original sender
( ) Use address being forwarded
( ) Server Postmaster
( ) Domain Postmaster
( ) Custom: [ ]

Perhaps overkill in options, just brainstorming. :D

Btw, in general as someone who manages mail server I've long been against forwarding to outside domains for many reasons (like listed above) but in particular because it blindly forwards everything including spam & is just begging to get you blacklisted. Charter has banned us a few times & I eventually disabled forwarding options in the web admin for end-users & was done with it. :D But yeah it is a useful thing if used sparingly but it isn't very useful if the place you're forwarding to blocks the messages.
Bill
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***
hMailServer build LIVE on my servers: 5.4-B2014050402
Latest test builds: http://www.hmailserver.com/forum/viewtopic.php?f=10&t=21420

ObiWan
Senior user
Senior user
Posts: 276
Joined: 2010-07-21 14:30
Location: Halfway between Germany and Egypt

Re: SPF issue with autoforward email

Postby ObiWan » 2010-07-21 19:06

Belos wrote:Issue:

Automatic forwarding of emails with the "enable forwarding" option may not work completely.
Some domains have SPF records and ff the recipient of the forwarding checks SPF, emails forwarded will be denied since they come from the IP of the hmail server and not from the original sender IP.

Therefore an option allowing the mail to be sent from the hmail account (like you would do manually) should be available, or as an attachement in a MSG or EML format

Jérôme.


Edit: Poll added Slug


Any email server with a "mail forward" feature (as for hMailServer) should implement
SRS (Sender Rewriting Scheme) to avoid hitting rejects due to SPF failures; for more
informations about SRS see http://www.openspf.org/SRS by the way the SRS should
be an option so that one may decide if enabling it or not (not needed in case you
aren't forwarding emails to external mailboxes)

pezoan
New user
New user
Posts: 1
Joined: 2011-09-20 11:03

Re: SPF issue with autoforward email

Postby pezoan » 2011-09-20 11:06

I fully agree.
Lots of my forwarded emails are bounced because a SFP policy, plus when I have a out of office notification, the email where it's forwarded is shown to everyone.

ObiWan
Senior user
Senior user
Posts: 276
Joined: 2010-07-21 14:30
Location: Halfway between Germany and Egypt

Re: SPF issue with autoforward email

Postby ObiWan » 2011-09-20 11:54

pezoan wrote:I fully agree.
Lots of my forwarded emails are bounced because a SFP policy, plus when I have a out of office notification, the email where it's forwarded is shown to everyone.


Which is exactly why we'll need a "full baked" implementation of SPF including SRS too (both checks/stripping for incoming mail and signatures for outgoing); otherwise, any hMailServer with "forwarded mailboxes" may and will incur in SPF failures (and rejections) in case the destination of the forwarding is a domain publishing an SPF record.

Bill48105
Developer
Developer
Posts: 6171
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: SPF issue with autoforward email

Postby Bill48105 » 2011-10-29 19:52

SRS is definitely something in like top 5 or 10 on my personal to-do wish list. I spent some time looking at how to do it in the hmail code a few months ago but didn't get far as I was side-tracked by real work & life. But it is definitely not forgotten.
Bill
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***
hMailServer build LIVE on my servers: 5.4-B2014050402
Latest test builds: http://www.hmailserver.com/forum/viewtopic.php?f=10&t=21420

ObiWan
Senior user
Senior user
Posts: 276
Joined: 2010-07-21 14:30
Location: Halfway between Germany and Egypt

Re: SPF issue with autoforward email

Postby ObiWan » 2011-10-31 10:40

Bill48105 wrote:SRS is definitely something in like top 5 or 10 on my personal to-do wish list. I spent some time looking at how to do it in the hmail code a few months ago but didn't get far as I was side-tracked by real work & life. But it is definitely not forgotten.
Bill


Bill, did you see this http://www.libsrs2.org/ ? The library is opensource and may possibly be adapted for hMS (e.g. turned into a DLL)

ObiWan
Senior user
Senior user
Posts: 276
Joined: 2010-07-21 14:30
Location: Halfway between Germany and Egypt

Re: SPF issue with autoforward email

Postby ObiWan » 2011-10-31 11:19

ObiWan wrote:
Bill48105 wrote:SRS is definitely something in like top 5 or 10 on my personal to-do wish list. I spent some time looking at how to do it in the hmail code a few months ago but didn't get far as I was side-tracked by real work & life. But it is definitely not forgotten.
Bill


Bill, did you see this http://www.libsrs2.org/ ? The library is opensource and may possibly be adapted for hMS (e.g. turned into a DLL)


Forgot; basically the idea should be to implement SRS when hMS needs to send a message to a domain which is not defined as "local"; in this case, hMS should call the SRS code to turn the sender address into a local one (e.g. by using the original recipient (local) domain); then, whenever receiving a message, hMS should check if the incoming email has a valid SRS "tag" and remove it so, turning the address back to the real (original) one; for further infos, see

http://msg.wikidoc.info/index.php/Sende ... cheme_(SRS)

http://en.wikipedia.org/wiki/Sender_Rewriting_Scheme

http://www.libsrs2.org/docs/mta-patches.html

HTH


Return to “Feature requests”



Who is online

Users browsing this forum: No registered users and 2 guests