Mailing List Archive

Hi,

On Thu, Jul 29, 2004 at 04:55:24PM +1000, Broun, Bevan wrote:
> Hi all
>
> We have all our internet bound mail (by multiple MTAs) relyed to our DMZ mail machine
> (sendmail). Am I correct in thinking that I want :
>
> sendmail to use SRS to rewrite all envelope addresses.

It depends. If your outbound sendmail is doing masquerading on the envelope from, it
is not neccesary. I have a similar setup, where all my outbound mail masqueraded to
originate from @sonologic.nl, with the exception of @metro.cx from addresses.

In sendmail this can be done by something like this in your sendmail.mc:

FEATURE(masquerade_entire_domain)
FEATURE(`masquerade_envelope')
MASQUERADE_AS(sonologic.nl)
MASQUERADE_DOMAIN(some.local.domain)
MASQUERADE_EXCEPTION(metro.cx)

Of course, if you do any alias/.forward/virtuser based forwarding to hosts which
don't whitelist your smtp server, you'll need srs anyway. Again, you have several
options here. There is a solution which uses program maps to call a perl program
for every srs rewrite, you can also link libsrs/libsrs2 with sendmail using the
patch.

> sendmail compiled with libspf so it will reject based on spf.

You can alternatively use a sendmail spf milter or libspf2, although libspf will
work fine.

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com