[Mimedefang] How to change envelope sender?
benoit.panizzon at imp.ch
Mon May 6 03:23:55 EDT 2013
> > Backscatter for the most part is not a problem because it has a simple
> > solution: Message source authentication, with varying implementations
> > and degrees of success - SPF, DKIM, MTX, PGP-signatures, etc.
> Various degrees of failure would be a better description....
It good that there are attempts to solve the problem.
SPF is fine so far, as the sender can decide how to block. But there are
problems with forwardings if you don't use SRS.
SRS is not yet built in MTA products as afaik it's not RFCed yet.
For Sendmail there is an ugly socketmap solution.
For Postfix you would need a milter or similar.
Qmail has a pretty solution, but Qmail itself is imho just broken.
Exim, I don't know.
DKIM. Yeah, clever idea to sign the headers so the recipient can check the
email was not altered and reject it if there is no signature (what you need to
do if you want reject emails with forged from address) or those headers were
But: There are Mailinglists, like this very MIMEDefang List. Guess what,
Subject and Reply-To Headers are signed, but they are altered by mailman. If a
DKIM Signed email is sent over the Mimedefang Mailinglist and I would enable
DKIM on my MTA, I would reject such emails. So DKIM realy is a NoGo!
PGP is fine. But how would you filter spam with PGP unless everyone is using
PGP Signatures? And that is never going to happen, so you still have to accept
unsigned emails, including spam.
MTX? I will have to look up what that is.
Well until now I don't know any solution that works flawlessly. SMTP was just
designed with a couple of flaws and we have to work around the one kind or the
other and try not to break too much.
Mit freundlichen Grüssen
I m p r o W a r e A G -
Zurlindenstrasse 29 Tel +41 61 826 93 07
CH-4133 Pratteln Fax +41 61 826 93 02
Schweiz Web http://www.imp.ch
More information about the MIMEDefang