[Mimedefang] How to change envelope sender?

kd6lvw at yahoo.com
Mon May 6 14:14:36 EDT 2013


--- On Mon, 5/6/13, Benoit Panizzon <benoit.panizzon at imp.ch> wrote:
> It's good that there are attempts to solve the problem.
> 
> SPF is fine so far, as the sender can decide how to block. But there are 
> problems with forwardings if you don't use SRS
> SRS is not yet built in MTA products as afaik it's not RFCed yet.
> For Sendmail there is an ugly socketmap solution.

I do a sender "rewrite" but don't use the ugly socketmap solution you cite.  This can be done PURELY with a rewriting ruleset and a small external program to generate the rewritten sender plus a log file to track them.  This isn't a problem at all.

> For Postfix you would need a milter or similar.
> Qmail has a pretty solution, but Qmail itself is imho just
> broken.
> Exim, I don't know.
> 
> DKIM. Yeah, clever idea to sign the headers so the recipient can check the 
> email was not altered and reject it if there is no signature (what you need to 
> do if you want to reject emails with forged from address) or those headers were 
> altered.
> But: There are mailing lists, like this very MIMEDefang list. Guess what, 
> Subject and Reply-To headers are signed, but they are altered by mailman. If a 
> DKIM-signed email is sent over the MIMEDefang mailing list and I would enable 
> DKIM on my MTA, I would reject such emails. So DKIM really is a NoGo!

Guess what?  You're misconstruing DKIM if that's what you think.  The mailing list software should be validating the message then generating its OWN DKIM headers (replacing as necessary) when altering the message to conform to those sent out by the list.  You skipped that step.  Messages to the list are considered delivered when received by the list server, not the list members.

> 
> PGP is fine. But how would you filter spam with PGP unless everyone is using 
> PGP Signatures? And that is never going to happen, so you still have to accept 
> unsigned emails, including spam.

Filter spam with PGP?  How?  It's not a spam filter.  It's an authenticator.
 
> MTX? I will have to look up what that is.
> 
> Well until now I don't know any solution that works flawlessly. SMTP was just 
> designed with a couple of flaws and we have to work around the one kind or the 
> other and try not to break too much.

That's because you're confusing spam filtering with source authentication.  These are not the same.  Granted, much spam is also forged but these characteristics are orthogonal - one can occur without the other.
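
Added example, not part of the original message and not the poster's ruleset or program: a sketch of envelope-sender rewriting for forwarded mail with a tracking log, borrowing the SRS0-style `hash=timestamp=domain=local` layout (the hex hash encoding is a simplification). The secret, the forwarder domain, the 21-day window and the in-memory log are assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # assumption: per-forwarder secret key
FORWARDER = "forwarder.example"       # assumption: domain doing the forwarding
MAX_AGE_DAYS = 21                     # assumption: how long bounces are accepted
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def stamp_for(now):
    """Day counter modulo 1024, as two base32 characters."""
    day = int(now // 86400) % 1024
    return B32[day >> 5] + B32[day & 31]

def tag_for(stamp, domain, local):
    """Truncated HMAC binding the timestamp to the original sender."""
    msg = "=".join((stamp, domain, local)).lower().encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:8]

def forward_rewrite(sender, now, log):
    """Rewrite an envelope sender; the null sender of a bounce stays untouched."""
    if "@" not in sender:
        return sender
    local, _, domain = sender.rpartition("@")
    stamp = stamp_for(now)
    new = f"SRS0={tag_for(stamp, domain, local)}={stamp}={domain}={local}@{FORWARDER}"
    log.append((new, sender))         # tracking log of rewritten senders
    return new

def reverse_rewrite(address, now):
    """Recover the original sender from a bounce recipient, or raise ValueError."""
    local_part, _, host = address.rpartition("@")
    if host.lower() != FORWARDER or not local_part.upper().startswith("SRS0="):
        raise ValueError("not an address rewritten by this forwarder")
    fields = local_part[5:].split("=", 3)
    if len(fields) != 4:
        raise ValueError("malformed rewritten address")
    tag, stamp, domain, local = fields
    expected = tag_for(stamp, domain, local)
    if not hmac.compare_digest(tag.lower().encode(), expected.encode()):
        raise ValueError("tag mismatch: forged or altered address")
    issued = B32.index(stamp[0].upper()) * 32 + B32.index(stamp[1].upper())
    if (int(now // 86400) - issued) % 1024 > MAX_AGE_DAYS:
        raise ValueError("rewritten address has expired")
    return f"{local}@{domain}"
```

The rewritten address passes SPF for the forwarder's domain, and the keyed tag plus expiry keep the reverse mapping from being used as an open relay for forged bounces.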


