[Pymilter] SRS and receiving mail from hard fail sites

[Stuart Gathman]

On 01/19/2018 03:41 PM, David Friedlander wrote:
>
> By way of reminder, I have a mail server which is forwarding mail on
> to the main set of "nasa.gov" servers, but we are included in the
> latter's SPF record as being a legitimate forwarding host _for
> nasa.gov_.  I have simple mail exploders that forward to nasa.gov
> addresses. I am not running SRS as a socketmail installation through
> sendmail.

>
> I have run into a situation whereby sites that have SPF hard fail SPF
> DNS records are not rewriting the 'envelopefrom' at all. And then the
> mail bounces from the upstream site. (In general, SRS is working well
> and invisibly, and I appreciate the functionality.)  Do you have
> advice, please? Is this normal behavior and is there any way to tweak
> it to force rewriting for all incoming mail? Or there a better way to
> solve it?
pysrs rewrites domains you specify in pysrs.cfg.   Did you specify
"fwdomain" in your config?  (Maybe fwdomain=nasa.gov?)  

However, it sounds like your server is an MX for nasa.gov.  Mail servers
"behind" your MX should not check SPF - that is a number one mistake of
SPF beginners.   If your MX with SRS is configured correctly, *all* mail
will pass SPF!  But maybe your MX is only a backup, and mail can also go
directly to the main nasa.gov servers.

But pysrs on an MX does indeed rewrite all MAIL FROM domains to
fwdomain.  Your examples don't help without pysrs.cfg.