Mail forwarding doesn't work?

    Quote from Nuxwin

    Are you sure? I was sure that the tests was made only against From field.


    Yes, sure. See: http://www.openspf.org/FAQ/Envelope_from_scope

    Quote

    The vast majority of SPF implementations today use the return-path as the subject of authentication and do not get involved with the header "From:".


    It is either default SRS, or nothing ;) Everything else will have strange unwanted side effects. :( Did I mention I hate SPF? :D

    @MuhKuh


    So, we must either integrate the SRS plugin for postfix, or remove forward mail feature... I don't see any reason to keep a broken (unworkable) feature...

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    @MuhKuh


    Could you fork the develop branch and try to integrate this plugin? Then I can review and merge.


    Thanks.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    Forward is not broken. The concept of SPF is "broken".


    Disabling the forwarding is a no-go and (at least for me) would be a reason not to use imscp. More than 50% of the addresses on my installation are forwarding addresses.


    I see it this way: anyone who uses SPF with "-all" deserves that his emails get lost :evil:

    Quote from Nuxwin


    Could you clone the develop branch and try to integrate this plugin? Then I can review and merge.


    Perhaps on the weekend I can try.

    @MuhKuh



    Please calm down, You'll do a heart attack if you continue. Well SPF is used my most of providers. The point here is not to know if you like it or not (who care???). The point here is how to make mail forwarding working even with domain which implement SPF with hard fail. You say that the SRS plugin can solve the problem. Thus we could so integrate it ;)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support
    Quote from Nuxwin

    Please calm down, You'll do a heart attack if you continue. Well SPF is used my most of providers.


    I am calm, interesting my posts make you think I am not :D
    And "most providers"? In Switzerland it seems none of the providers use it ;)


    But yes, integrating SRS might be a good idea anyway when more and more domains are using SPF.

    @MuhKuh


    It's normal. If the swiss are do the things like they are talking, this could take some time CHUCKLES

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    I just did a test on my server:
    email sent from GMX to my private address, which is forwarded to an google account. Though it gives me an hardfail on SPF, I received the email:

    Code
    1. Received-SPF: fail (google.com: domain of timo****@gmx.de does not designate xx.xx.xx.xx as permitted sender) client-ip=xx.xx.xx.xx;
    2. Authentication-Results: mx.google.com;
    3. spf=hardfail (google.com: domain of timo****@gmx.de does not designate xx.xx.xx.xx as permitted sender) smtp.mail=timo****@gmx.de


    Or do u use any specific settings on your google account?

    Google probably uses a lot of things to decide if someting should be delivered to the inbox even if SPF fails. In the current internet world it absolutely makes sense to ignore SPF hardfails. This is also why the whole SPF/SRS is not yet a very big problem. Still there though, and might get worse in the future if more providers decide to really reject spf hardfails.