From stuart at gathman.org Fri Jan 19 23:03:06 2018 From: stuart at gathman.org (Stuart Gathman) Date: Fri, 19 Jan 2018 23:03:06 -0500 Subject: [Pymilter] SRS and receiving mail from hard fail sites In-Reply-To: References: Message-ID: On 01/19/2018 03:41 PM, David Friedlander wrote: > > By way of reminder, I have a mail server which is forwarding mail on > to the main set of "nasa.gov" servers, but we are included in the > latter's SPF record as being a legitimate forwarding host _for > nasa.gov_.? I have simple mail exploders that forward to nasa.gov > addresses. I am not running SRS as a socketmail installation through > sendmail. > > I have run into a situation whereby sites that have SPF hard fail SPF > DNS records are not rewriting the 'envelopefrom' at all. And then the > mail bounces from the upstream site. (In general, SRS is working well > and invisibly, and I appreciate the functionality.)? Do you have > advice, please? Is this normal behavior and is there any way to tweak > it to force rewriting for all incoming mail? Or there a better way to > solve it? pysrs rewrites domains you specify in pysrs.cfg.?? Did you specify "fwdomain" in your config?? (Maybe fwdomain=nasa.gov?)?? However, it sounds like your server is an MX for nasa.gov.? Mail servers "behind" your MX should not check SPF - that is a number one mistake of SPF beginners.?? If your MX with SRS is configured correctly, *all* mail will pass SPF!? But maybe your MX is only a backup, and mail can also go directly to the main nasa.gov servers. But pysrs on an MX does indeed rewrite all MAIL FROM domains to fwdomain.? Your examples don't help without pysrs.cfg.