stpeters at netheaven
Dec 1, 2006, 6:25 AM
Post #13 of 29
David Woodhouse writes:
Re: private relay ... could i use srs to avoid spf fail?
[In reply to]
> On Fri, 2006-12-01 at 12:22 +0000, Camart Ltd wrote:
> > Aha! That was my next question - whether it is easy/possible to use SRS
> > for *relay* rather than *forwarding* ... all the documentation I have
> > been able to find has, understandably, only discussed forwarding.
> I was talking about forwarding. I assume that by 'relay' you just mean
> operating as an MX backup? In that case, the recipients _definitely_
> shouldn't be rejecting mail due to SPF failures. Or you mean operating
> as an _outgoing_ SMTP smarthost for people? In which case they shouldn't
> be publishing SPF records which don't include your server(s).
He said his interest was in intercepting outgoing SMTP connections
from temporary visitors to his network. Whether such intercepting
should be considered relaying or forwarding is immaterial if you use
SRS for all outgoing mail. I use SRS for all outgoing mail, and I
have done intercepting occasionally. (Intercepting allows me to
AV-scan outgoing mail and block outgoing viruses from hosted servers
that have become infected, while allowing uninfected mail flow to
> There will _always_ be receiving mailservers out there which reject your
> mail for spurious reasons.
This is one of the few things David and I agree on, although we
disagree considerably about what reasons are 'spurious'. In my view,
the benefits of SPF outweigh the drawbacks, so I encourage people to
use SPF, and I work around the forwarding rejections by using SRS.
However, SRS itself has its own drawbacks. If you rewrite MAIL FROM
adresses with SRS, some sites will reject mail from you due to the
unusual (but RFC-allowed) characters in the return addresses.
If you use SRS to reject bogus DSNs, you will also reject return
receipts from Outlook (and probably Outlook Express) users. This
isn't much of an issue for most people, but I happen to have a number
of users who use and want return receipts, so I have to make provision
for these special cases.
Rejecting non-SRS DSNs also rejects responses from some
autoresponders. While many people might think of this as a Good
Thing, I have users who consider out-of-office notifications
Rejecting non-SRS DSNs naively also rejects postmaster-verification
callbacks, causing some sites to reject your mail.
Dick St.Peters, stpeters [at] NetHeaven
Gatekeeper, NetHeaven, Saratoga Springs, NY
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?list_id=1129