Say someone has setup spf for his domain and sends an email to a user that has in roundcube enabled the sieve forward. If the message is forwarded without altering the message headers, this could result in a message being blocked or not relayed, because sending hosts ip, is not in the spf of the from: domain. Possible solutions are: - add option if enabled, it replaces the From: with that of the email address of the sieve user. (Maybe move the original sender to the Reply-To header? Maybe exception for 'internal' forward?) - Upon processing the message, check the spf records, if they are enforced, do the above, otherwise do nothing. https://tools.ietf.org/html/rfc5228#section-4.2
There's no ambiguity here, if you send a message, you are the sender. The envelope from should be yours. On Sunday, 25/10/2020 at 11:48 Marc Roos wrote: Say someone has setup spf for his domain and sends an email to a user that has in roundcube enabled the sieve forward. If the message is forwarded without altering the message headers, this could result in a message being blocked or not relayed, because sending hosts ip, is not in the spf of the from: domain. Possible solutions are: -??add option if enabled, it replaces the From: with that of the email address of the sieve user. (Maybe move the original sender to the Reply-To header? Maybe exception for 'internal' forward?) -??Upon processing the message, check the spf records, if they are enforced, do the above, otherwise do nothing. https://tools.ietf.org/html/rfc5228#section-4.2 -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20201025/26a733ff/attachment.html>
However as far as I can determine from my forward test is that, the from header is currently from the original message and not from the forwarder. -----Original Message----- From: Scott Q. [mailto:qmail at top-consulting.net] Sent: Sunday, October 25, 2020 5:01 PM To: Marc Roos; dovecot Subject: Re: forwarding email with sieve of spf domains There's no ambiguity here, if you send a message, you are the sender. The envelope from should be yours. On Sunday, 25/10/2020 at 11:48 Marc Roos wrote: Say someone has setup spf for his domain and sends an email to a user that has in roundcube enabled the sieve forward. If the message is forwarded without altering the message headers, this could result in a message being blocked or not relayed, because sending hosts ip, is not in the spf of the from: domain. Possible solutions are: - add option if enabled, it replaces the From: with that of the email address of the sieve user. (Maybe move the original sender to the Reply-To header? Maybe exception for 'internal' forward?) - Upon processing the message, check the spf records, if they are enforced, do the above, otherwise do nothing. https://tools.ietf.org/html/rfc5228#section-4.2
Yes, putting the From: into Reply-To: is a good idea to ensure the reply button in receiver?s client doesn't break. But remember to ONLY do it when Reply-To: is not present. To avoid removing important information from the email, like the original sender, it can be good to always add a header like X-Original-Sender with the original from: when rewriting in this way. OTOH I think this type of rewriting should be done in the MTA that is responsible for sending the email off the server, NOT in dovecot/sieve. In exim theres already built-in support for this type of rewriting, and I have such rewriting on all domains for which are forward-only - to avoid SPF errors. -----Ursprungligt meddelande----- Fr?n: dovecot-bounces at dovecot.org <dovecot-bounces at dovecot.org> F?r Marc Roos Skickat: den 25 oktober 2020 16:49 Till: dovecot <dovecot at dovecot.org> ?mne: forwarding email with sieve of spf domains Say someone has setup spf for his domain and sends an email to a user that has in roundcube enabled the sieve forward. If the message is forwarded without altering the message headers, this could result in a message being blocked or not relayed, because sending hosts ip, is not in the spf of the from: domain. Possible solutions are: - add option if enabled, it replaces the From: with that of the email address of the sieve user. (Maybe move the original sender to the Reply-To header? Maybe exception for 'internal' forward?) - Upon processing the message, check the spf records, if they are enforced, do the above, otherwise do nothing. https://tools.ietf.org/html/rfc5228#section-4.2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5715 bytes Desc: S/MIME Cryptographic Signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20201025/8f0ec354/attachment.p7s>
He of course meant the From: MIME sender. This can fail in a SPF check if identity aligment is set to strict. Rewriting the From: heasder is one way to solve it, another way which preserves the original message in full, is to encapsulate the original message ina new message/rfc822 container where the new outer container, does have the rewritten details. Fr?n: dovecot-bounces at dovecot.org <dovecot-bounces at dovecot.org> F?r Scott Q. Skickat: den 25 oktober 2020 17:02 Till: Marc Roos <m.roos at f1-outsourcing.eu>; dovecot <dovecot at dovecot.org> ?mne: Re: forwarding email with sieve of spf domains There's no ambiguity here, if you send a message, you are the sender. The envelope from should be yours. On Sunday, 25/10/2020 at 11:48 Marc Roos wrote: Say someone has setup spf for his domain and sends an email to a user that has in roundcube enabled the sieve forward. If the message is forwarded without altering the message headers, this could result in a message being blocked or not relayed, because sending hosts ip, is not in the spf of the from: domain. Possible solutions are: - add option if enabled, it replaces the From: with that of the email address of the sieve user. (Maybe move the original sender to the Reply-To header? Maybe exception for 'internal' forward?) - Upon processing the message, check the spf records, if they are enforced, do the above, otherwise do nothing. https://tools.ietf.org/html/rfc5228#section-4.2 -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20201025/4fce91bf/attachment-0001.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5715 bytes Desc: S/MIME Cryptographic Signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20201025/4fce91bf/attachment-0001.p7s>
Am 25.10.20 um 16:48 schrieb Marc Roos:> > Say someone has setup spf for his domain and sends an email to a user > that has in roundcube enabled the sieve forward. If the message is > forwarded without altering the message headers, this could result in a > message being blocked or not relayed, because sending hosts ip, is not > in the spf of the from: domain. > > Possible solutions are: > > - add option if enabled, it replaces the From: with that of the email > address of the sieve user. (Maybe move the original sender to the > Reply-To header? Maybe exception for 'internal' forward?) > - Upon processing the message, check the spf records, if they are > enforced, do the above, otherwise do nothing. > > > https://tools.ietf.org/html/rfc5228#section-4.2 >long time ago i did tests about this https://blog.sys4.de/email-forward-mit-sieve-ohne-spf-dmarc-und-dkim-konflikte-de.html perhaps it helps , but its not up2date -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Schlei?heimer Stra?e 26/MG, 80333 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Marc Roos skrev den 2020-10-25 16:48:> Say someone has setup spf for his domain and sends an email to a user > that has in roundcube enabled the sieve forward.roundcube does change envelope from on forwarding emails, if thats not the case i like to see logs proving it does not sorry if it miss that in sieve rules> https://tools.ietf.org/html/rfc5228#section-4.2oh well lets talk about dmarc now, where srs is not supported, likewise sid-milter still do sender-id tracking we are in 2020 now
On 25/10/2020 16:48, Marc Roos wrote:> Say someone has setup spf for his domain and sends an email to a user > that has in roundcube enabled the sieve forward. If the message is > forwarded without altering the message headers, this could result in a > message being blocked or not relayed, because sending hosts ip, is not > in the spf of the from: domain. > > Possible solutions are: > > - add option if enabled, it replaces the From: with that of the email > address of the sieve user. (Maybe move the original sender to the > Reply-To header? Maybe exception for 'internal' forward?) > - Upon processing the message, check the spf records, if they are > enforced, do the above, otherwise do nothing. > > > https://tools.ietf.org/html/rfc5228#section-4.2This setting is related: https://doc.dovecot.org/settings/pigeonhole/#plugin-sieve-setting-sieve-redirect-envelope-from Regards, Stephan.