1 message in net.sourceforge.lists.courier-users[courier-users] Lists and SPF checking
Subject: [courier-users] Lists and SPF checking
From: Leigh S. Jones, KR6X (kr@kr6x.com)
Date: Jan 22, 2008 5:48:17 pm
List: net.sourceforge.lists.courier-users

Mark Constable writes:

Apologies if this is a generic SPF question not related to Courier specifics. If so then please point me in the right direction.

Say a mailing-list has 70 members and the original owner of the list sends as...

From: use@domain.org To: some@domain.org

and one member is on our mailserver with fairly strict SPF checking. The first email from the above user gets through to our list member because its From: @domain.org matches the @domain.org SPF authorized mailserver. But when other members of the list reply to this list they get a bounce from our mailserver saying their email From: address does not pass our mailserver's SPF checking.

Because one of the list members is on our mailserver, which has strict SPF checking and presumably the others do not, it seems to be causing quite some grief for other list members (not counting our local user is not getting the other list member replies) and is threatened with being banned from this list.

Is there a workaround for this situation?

You should probably add "mailfromok" to BOFHSPFFROM, so if MAIL FROM passes the SPF check, the From: header gets skipped.

I admit to being excessively vague below. I'm missing some interesting details...

My own experience: I enabled the Courier SPF check and enabled SPF checking fully on my DNS (with the "-all" in lieu of the less stringent "~all"). The e-mail from this list continued to be successfully received by Courier (my settings included "mailfromok" as Sam recommends). From a few of my other "lists" I began to reject a subset of received mail. These were from senders who enabled SPF checking with "-all" on their own DNS's.

Only a few of my "lists" were rejecting mail in this fashion (all of them were using "mailman" software), and it turned out that those that were being rejected had some kind of configuration at the list that could be changed to correct the problem. The list operators were all personal friends of sorts, so I kept after them, though I was unable to adequately describe the change in settings they needed. In a few cases they were resistant at first, but eventually all of them learned to operate their lists in a fashion that was consistent with SPF checking without affecting list functions adversely.

Of course, this happens because I have no interest in operating my own lists, so I haven't learned to work with the list software...
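
The following is an added example, not part of the original message and not Courier's code. It is a simplified model of the decision discussed in the thread, showing why a list reply fails when the From: header is SPF-checked against the list server's IP and how skipping that check after a MAIL FROM pass ("mailfromok") changes the outcome. The domains, addresses, SPF records and function names are constructed, and it assumes the list software sets the envelope sender (MAIL FROM) to its own domain.

```python
import ipaddress

# Constructed SPF policies (documentation address ranges), not real DNS data.
SPF = {
    "lists.example.org": "v=spf1 ip4:192.0.2.0/24 -all",      # list server's domain
    "member.example.net": "v=spf1 ip4:198.51.100.0/24 -all",  # a replying member's domain
}

def spf_result(domain, client_ip):
    """Evaluate a tiny SPF subset: ip4 mechanisms plus a trailing 'all'."""
    record = SPF.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        elif mech == "all":
            matched = True
        else:
            continue  # other mechanisms are outside this sketch
        if matched:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"

def accept(client_ip, mail_from_domain, header_from_domain, check_from, mailfromok):
    """Simplified receiver decision (an assumption, not Courier's logic verbatim).

    Returns True when the message is accepted.
    """
    tolerated = {"none", "neutral", "softfail", "pass"}  # 'fail' is rejected
    envelope = spf_result(mail_from_domain, client_ip)
    if envelope not in tolerated:
        return False
    if not check_from or (mailfromok and envelope == "pass"):
        return True  # From: check disabled, or skipped because MAIL FROM passed
    # The From: header domain is judged against the *connecting* IP, which for
    # list traffic is the list server, not the author's own mail server.
    return spf_result(header_from_domain, client_ip) in tolerated
```
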