Discussion:
Forwarding problem with aliases
(too old to reply)
Knute Johnson
2024-09-04 19:09:01 UTC
Permalink
I've got a sendmail server running that needs to forward a couple of
addresses to other destinations. I've set these up in aliases. Most of
these work but one recipient has an earthlink account and it rejects the
forwarded message if the sender is not local to the sendmail server.
The error message in the returned mail says "The sender's address is
rejected for policy reasons." Kind of cryptic. The end user
whitelisted the server's domain but I don't think that is where the
issue is. I think it is because the sender could be from anywhere and
that doesn't match the domain of our sendmail server. But that is just
a guess. If I send mail from an account on the server to the one of the
forwarding aliases, it forwards to the earthlink account just fine.

Anybody know anything about earthlink? Any other ideas?

Thanks,
--
Knute Johnson
Marco Moock
2024-09-05 21:10:27 UTC
Permalink
Post by Knute Johnson
I've got a sendmail server running that needs to forward a couple of
addresses to other destinations. I've set these up in aliases. Most
of these work but one recipient has an earthlink account and it
rejects the forwarded message if the sender is not local to the
sendmail server. The error message in the returned mail says "The
sender's address is rejected for policy reasons." Kind of cryptic.
The end user whitelisted the server's domain but I don't think that
is where the issue is. I think it is because the sender could be
from anywhere and that doesn't match the domain of our sendmail
server. But that is just a guess. If I send mail from an account on
the server to the one of the forwarding aliases, it forwards to the
earthlink account just fine.
If you forward messages, SPF will break. Many sites reject such
messages.
If you now rewrite the MAIL FROM, SPF will be fine but DMARC will fail
if a reject policy is set.

You may need to think about implementing ARC with a Milter.
--
kind regards
Marco

Send spam to ***@cartoonies.org
Knute Johnson
2024-09-05 22:22:29 UTC
Permalink
Post by Marco Moock
Post by Knute Johnson
I've got a sendmail server running that needs to forward a couple of
addresses to other destinations. I've set these up in aliases. Most
of these work but one recipient has an earthlink account and it
rejects the forwarded message if the sender is not local to the
sendmail server. The error message in the returned mail says "The
sender's address is rejected for policy reasons." Kind of cryptic.
The end user whitelisted the server's domain but I don't think that
is where the issue is. I think it is because the sender could be
from anywhere and that doesn't match the domain of our sendmail
server. But that is just a guess. If I send mail from an account on
the server to the one of the forwarding aliases, it forwards to the
earthlink account just fine.
If you forward messages, SPF will break. Many sites reject such
messages.
If you now rewrite the MAIL FROM, SPF will be fine but DMARC will fail
if a reject policy is set.
You may need to think about implementing ARC with a Milter.
Thanks for that. What is ARC?
--
Knute Johnson
Marco Moock
2024-09-06 08:59:05 UTC
Permalink
Post by Knute Johnson
Post by Marco Moock
Post by Knute Johnson
I've got a sendmail server running that needs to forward a couple
of addresses to other destinations. I've set these up in aliases.
Most of these work but one recipient has an earthlink account and
it rejects the forwarded message if the sender is not local to the
sendmail server. The error message in the returned mail says "The
sender's address is rejected for policy reasons." Kind of cryptic.
The end user whitelisted the server's domain but I don't think that
is where the issue is. I think it is because the sender could be
from anywhere and that doesn't match the domain of our sendmail
server. But that is just a guess. If I send mail from an account
on the server to the one of the forwarding aliases, it forwards to
the earthlink account just fine.
If you forward messages, SPF will break. Many sites reject such
messages.
If you now rewrite the MAIL FROM, SPF will be fine but DMARC will
fail if a reject policy is set.
You may need to think about implementing ARC with a Milter.
Thanks for that. What is ARC?
https://en.wikipedia.org/wiki/Authenticated_Received_Chain

It is a experimental standard that is pushed by the big companies.
It will also help them because they trust big ones, but I dunno how ARC
will be handled that comes from small sites. I assume this will be the
next bullying mechanism.

SPF breaks forwarders, by design.

DMARC is a policy how to handle stuff that doesn't pass DKIM/SPF and
regulates alignment. Some big companies made SPF and DMARC mandatory
which will make forwarders and mailing lists a PITA.

TLDR: In times of SPF and DMARC, forwarding doesn't work like before.
My recommendation: Avoid it whenever possible.
--
kind regards
Marco

Send spam to ***@cartoonies.org
Knute Johnson
2024-09-06 13:24:39 UTC
Permalink
Post by Marco Moock
Post by Knute Johnson
Post by Marco Moock
Post by Knute Johnson
I've got a sendmail server running that needs to forward a couple
of addresses to other destinations. I've set these up in aliases.
Most of these work but one recipient has an earthlink account and
it rejects the forwarded message if the sender is not local to the
sendmail server. The error message in the returned mail says "The
sender's address is rejected for policy reasons." Kind of cryptic.
The end user whitelisted the server's domain but I don't think that
is where the issue is. I think it is because the sender could be
from anywhere and that doesn't match the domain of our sendmail
server. But that is just a guess. If I send mail from an account
on the server to the one of the forwarding aliases, it forwards to
the earthlink account just fine.
If you forward messages, SPF will break. Many sites reject such
messages.
If you now rewrite the MAIL FROM, SPF will be fine but DMARC will
fail if a reject policy is set.
You may need to think about implementing ARC with a Milter.
Thanks for that. What is ARC?
https://en.wikipedia.org/wiki/Authenticated_Received_Chain
It is a experimental standard that is pushed by the big companies.
It will also help them because they trust big ones, but I dunno how ARC
will be handled that comes from small sites. I assume this will be the
next bullying mechanism.
SPF breaks forwarders, by design.
DMARC is a policy how to handle stuff that doesn't pass DKIM/SPF and
regulates alignment. Some big companies made SPF and DMARC mandatory
which will make forwarders and mailing lists a PITA.
TLDR: In times of SPF and DMARC, forwarding doesn't work like before.
My recommendation: Avoid it whenever possible.
Thanks Marco.
--
Knute Johnson
Grant Taylor
2024-10-26 16:32:47 UTC
Permalink
Post by Marco Moock
It is a experimental standard that is pushed by the big companies.
It will also help them because they trust big ones, but I dunno how
ARC will be handled that comes from small sites. I assume this will
be the next bullying mechanism.
IMHO ARC had a priming problem. It's neigh impossible to get others to
trust you or your ARC signature. So if not enough people are benefiting
from it, fewer people are inclined to start using it.
Post by Marco Moock
SPF breaks forwarders, by design.
IMHO, as it should.
Post by Marco Moock
DMARC is a policy how to handle stuff that doesn't pass DKIM/SPF and
regulates alignment. Some big companies made SPF and DMARC mandatory
which will make forwarders and mailing lists a PITA.
I disagree.
Post by Marco Moock
TLDR: In times of SPF and DMARC, forwarding doesn't work like before.
My recommendation: Avoid it whenever possible.
I've found that Sender Rewrite Scheme (SRS) has been remarkably
effective when forwarding to Gmail.

SRS is also perfectly compatible with mailing lists. Though admittedly
I'd hope that contemporary mailing list managers were using VERP to be
able to correlate bounces with subscriber addresses. Bonus points if
they also use SMTP's RCPT verb's optional ORCPT parameter.
--
Grant. . . .
Marco Moock
2024-10-26 19:31:55 UTC
Permalink
Post by Grant Taylor
IMHO ARC had a priming problem. It's neigh impossible to get others
to trust you or your ARC signature. So if not enough people are
benefiting from it, fewer people are inclined to start using it.
ARC will most likely result in that the big players will only accept
ARC from other big players, small and medium-sized mail operators will
likely be treated as untrusted.
--
kind regards
Marco

Send spam to ***@cartoonies.org
John Levine
2024-10-26 22:29:54 UTC
Permalink
Post by Marco Moock
ARC will most likely result in that the big players will only accept
ARC from other big players, ...
Could you explain what evidence you have for this?

I talk to people at large mail providers and I can say with great
confidence that they barely pay any attention to ARC and are likely
to pay even less attention in the future.
--
Regards,
John Levine, ***@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
Marco Moock
2024-10-27 08:30:41 UTC
Permalink
Post by John Levine
Post by Marco Moock
ARC will most likely result in that the big players will only accept
ARC from other big players, ...
Could you explain what evidence you have for this?
It is what they have done in the past and I assume this will happen in
the future. MS, Google etc. have an interest in getting more users. One
way to do that is to make incoming mail from small parties a nightmare.
--
kind regards
Marco

Send spam to ***@cartoonies.org
HQuest
2024-10-27 22:44:15 UTC
Permalink
Post by Marco Moock
Post by John Levine
Post by Marco Moock
ARC will most likely result in that the big players will only accept
ARC from other big players, ...
Could you explain what evidence you have for this?
It is what they have done in the past and I assume this will happen in
the future. MS, Google etc. have an interest in getting more users. One
way to do that is to make incoming mail from small parties a nightmare.
You suggesting RFC8617[1] will be solely ignored and/or never moved off
the "Experimental" status by the Ye Ol'e Big Boys Club?

[1] https://www.rfc-editor.org/rfc/rfc8617.html

Grant Taylor
2024-10-27 00:47:47 UTC
Permalink
Post by Marco Moock
ARC will most likely result in that the big players will only accept
ARC from other big players, small and medium-sized mail operators
will likely be treated as untrusted.
I believe that the -- what is oft' referred to as -- Good ol' Boy's club
is the best outcome for ARC.

N.B. what's good for ARC isn't necessarily what's good for us.
--
Grant. . . .
Claus Aßmann
2024-09-06 10:13:12 UTC
Permalink
Post by Knute Johnson
I've got a sendmail server running that needs to forward a couple of
addresses to other destinations. I've set these up in aliases. Most of
these work but one recipient has an earthlink account and it rejects the
forwarded message if the sender is not local to the sendmail server.
As the recipient to get a different mail provider?

Anyway, take a look at op.*:

2.6.3. List owners
....
List owners also cause the envelope sender ad-
dress to be modified.
--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.
Knute Johnson
2024-09-06 13:26:30 UTC
Permalink
Post by Claus Aßmann
Post by Knute Johnson
I've got a sendmail server running that needs to forward a couple of
addresses to other destinations. I've set these up in aliases. Most of
these work but one recipient has an earthlink account and it rejects the
forwarded message if the sender is not local to the sendmail server.
As the recipient to get a different mail provider?
2.6.3. List owners
....
List owners also cause the envelope sender ad-
dress to be modified.
That's been the solution so far.

Thanks I'll check out 2.6.3.
--
Knute Johnson
Loading...