Monday, March 20, 2017

How to properly configure a mailing list server to be SPF friendly?

UPDATE: The SPF record I have in DNS for domain mailinglist.com:



mailinglist.com. 3600 IN TXT "v=spf1 mx ptr include:gateway.com ?all"



UPDATE2: The From:, Reply-To:, Sender: and Return-Path: headers from a failed message:




...
From: "bob"
Reply-To:
Sender:
List-Post:
Return-Path: list1-owner@my.mailinglist.com
...



I've inherited a Sympa mailing list server from a previous Admin and am not very familiar with the whole process. Recently, we've been getting some calls from users that their posts to the various mailing lists are being marked as failing fraud detection checks.



I've been reading up on SPF and suspect that what is happening is when a user (bob@somewhere.org) posts to the list (my.mailinglist.com), the outbound message from the list server has the envelope sender set to "bob@somewhere.org". Our list server then relays the outgoing message to mail.gateway.com which then delivers it over the Internet. When the SMTP server at somewhere.org (or other domain) receives the post, it sees that it was sent by our relay, mail.gateway.com (13.14.15.16), which does not have its IP address on the SPF record for somewhere.org.



In the mail headers of the outbound post sent from mail.gateway.com, I have an SPF line which reads:



Received-SPF: SoftFail (mail.gateway.com: domain of
transitioning bob@somewhere.org discourages use of 13.14.15.16 as
permitted sender)



We have many users from many different domains sending mail to our list server. Asking every domain to include the mail.gateway.com IP in their SPF record seems ridiculous, but that's what I gather is one way to fix this.



The other fix involves probably using a different envelope sender. I'm not sure how this would affect "Reply" and "Reply to" functionality. Right now it seems a bit wonky; Reply and Reply-to both go to the mailing list which seems odd. I'm trying to figure out where that is configured.



Are there some other ways to work this out that I have missed?
Thanks
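The check described in the question, as an added example that is not part of the original post: a simplified SPF evaluator (ip4, mx, include and all only) showing how the result depends on the envelope sender (MAIL FROM) domain when the connecting IP is the relay. Only the mailinglist.com record and the relay IP 13.14.15.16 come from the post; the gateway.com and somewhere.org records, the MX address and the function names are constructed assumptions.

```python
import ipaddress

# Constructed DNS data. Only the mailinglist.com TXT record and the relay IP
# 13.14.15.16 appear in the post; every other record here is an assumption.
TXT = {
    "mailinglist.com": "v=spf1 mx ptr include:gateway.com ?all",
    "gateway.com": "v=spf1 ip4:13.14.15.16 -all",      # assumed
    "somewhere.org": "v=spf1 ip4:192.0.2.0/24 ~all",   # assumed
}
# Assumed: MX hosts already resolved to their addresses.
MX_ADDRS = {"mailinglist.com": ["198.51.100.10"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain):
    """Evaluate a subset of SPF (RFC 7208) for one domain and client IP."""
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no record at this exact name; parents are not consulted
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            matched = ip in MX_ADDRS.get(arg or domain, [])
        elif name == "include":
            # include matches only when the included domain's check passes
            matched = check_spf(ip, arg) == "pass"
        else:
            matched = False  # ptr and other mechanisms are not modelled
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def spf_for_envelope(ip, mail_from):
    """SPF is checked against the domain of the envelope sender, not From:."""
    return check_spf(ip, mail_from.rsplit("@", 1)[1])


if __name__ == "__main__":
    for sender in ("bob@somewhere.org", "list1-owner@mailinglist.com",
                   "list1-owner@my.mailinglist.com"):
        print(sender, "->", spf_for_envelope("13.14.15.16", sender))
```

With these constructed records the poster's domain gives softfail, the list's own domain passes through the include, and the my.mailinglist.com subdomain gives none because SPF records are not inherited from the parent domain.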
