OT (again): SA-SPF opinion

Ugo Bellavance ugob at CAMO-ROUTE.COM
Fri May 27 14:45:44 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

>>I believe that SRS, Sender Rewriting Scheme, is only required if you
>>are relaying form you SPF hub. A typical example would be an ISP who
>>is relaying email from a home pc or a business hub that sends their
>>outbound email through the ISP's "smart relay". The ISP in this case
>>has to rewrite the header to make it look like the mail was sent From
>>the smart relay.
>
>
> Steve,
>
> Thanks for the reply.
>
> I am guessing you mean that I should have a separate server running the SPF
> checks in front of my mail hub, much like an SPF gateway. Unfortunately, I
> cannot convince anyone here that I need to not only run SPF in front of the
> mail hub, but also need a gateway for MS/SA in front of the hub. At the
> current time, my mailboxes are on the same box that MS/SA and, in the
> future, SPF, is running.

No, there is no need for a separate SPF server.

>
> My confusion is about running multiple domains on the same box, and I guess
> that sort of threw me. I have 3 mailservers. All three run MS/SA. One is
> inbound/outbound for one domain. Another server is inbound for a second
> domain and inbound/outbound for a third domain. Another server is outbound
> for the second domain and outbound for all three domain's Webmail. All of
> the servers are DNSed on a fourth domain, and , to make matters worse, any
> http mail comes out of this domain. I firstly am fighting how my TXT records
> should look and secondly how SRS may need to be used due to the 4-domain
> scheme.

 From what I can understand SRS is only need in this kind of setup:
bigfoot.com used to have a service of e-mail aliases.  For example,
ugob at bigfoot.com would be redirected to my current e-mail address by
bigfoot's servers.  The problem is that when my mail server receives it,
it checks the spf records and the last relay it went through.  It
doesn't match, so bigfoot would have to do a rewrite on the message to
make sure that the last relay is not theirs, but the one before.  If no
rewrite is done, there'll be many false positives.

>
> I don't suppose installing SRS would hurt anything, though.

Maybe, but I think you could do something else instead :).

>
> Thanks for all the info!
>

:)

Ugo

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list