Jack DeNeut
2005-Mar-09 07:37 UTC
How to set ''Return-Path'' in ActionMailer to avoid SPF failure?
I was wondering if there was any way to set the ''Return-Path''
of an
email when using ActionMailer. Without the ability to set the
''Return-Path'' of an email, it is impossible to avoid being
labeled as
''spam'' by many SMTP gateways if trying to send mail on
another''s
behalf. SPF doesn''t care about the ''from'' line in an
email, only the
''Return-Path''.
Why would I want to do that? Because I am working as a consultant for
another company, and when responding to bug reports I want to make
things easier for the users by replying ''from'' the
client''s domain.
Unfortunately, they can''t give me access to their SMTP server
(they''re
afraid to muck with sendmail and so I get ''can not relay'' when
I use
their SMTP gateway).
For example, here are the headers from a mail I sent to myself using
ActionMailer. As you can see, Gmail has marked it as ''fail''
(in
''Received-SPF'') :
X-Gmail-Received: aac7ac60620782da0f1e605962a47ceaf022a2d0
Delivered-To: jdeneut-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
Received: by 10.38.12.43 with SMTP id 43cs8575rnl;
Tue, 8 Mar 2005 22:51:57 -0800 (PST)
Received: by 10.38.82.76 with SMTP id f76mr547559rnb;
Tue, 08 Mar 2005 22:51:57 -0800 (PST)
Return-Path: <do-not-reply-5tc4TXWwyLM@public.gmane.org>
Received: from omta16.mta.everyone.net (sitemail2.everyone.net
[216.200.145.36])
by mx.gmail.com with ESMTP id 71si394734rna.2005.03.08.22.51.56;
Tue, 08 Mar 2005 22:51:56 -0800 (PST)
Received-SPF: fail (gmail.com: domain of
do-not-reply-5tc4TXWwyLM@public.gmane.org does not
designate 216.200.145.36 as permitted sender)
Received: from pmta01.mta.everyone.net (bigiplb-dsnat [172.16.0.19])
by omta16.mta.everyone.net (Postfix) with ESMTP id 301233FDA8
for <jdeneut-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>; Tue, 8 Mar 2005
22:51:55 -0800 (PST)
X-Eon-Sig: AQIdLpBCLp0L6UAQSwIAAAAB,99b3d5966c8c0368c842a831fa4ddfdd
Received: from smtp.everyone.net (62.245.95.172 [62.245.95.172])
by pmta01.mta.everyone.net (EON-AUTHRELAY) with ESMTP id 24AB116D
for <jdeneut-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>; Tue, 8 Mar 2005
22:51:55 -0800
Date: Wed, 9 Mar 2005 07:51:53 +0100
From: do-not-reply-5tc4TXWwyLM@public.gmane.org
To: jdeneut-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
Subject: =Thank you for your bug report
Content-Type: text/plain; charset=utf-8
Message-Id:
<20050309065155.301233FDA8-CkVda1wFVPjdi7ou1J7GeDGekZJkHWME@public.gmane.org>
I tried this:
class MyMailer < ActionMailer::Base
def my_mail(recipients, post)
@headers["Return-Path"] =
"jdeneut-4GWaZ2qAA/nQT0dZR+AlfA@public.gmane.org"
end
end
but it doesn''t work (trying to set the ''Return-Path''
by playing with
the headers doesn''t work in JavaMail either. Java has an SMTP wrapper
for setting ''Return-Path''). I''ve looked in TMail as
well, but didn''t
see it there. Is this even supported in Ruby (setting the
''Return-Path'')?
Regards,
Jack DeNeut
Stian Grytøyr
2005-Mar-09 08:37 UTC
Re: How to set ''Return-Path'' in ActionMailer to avoid SPF failure?
Jack DeNeut <jdeneut-4GWaZ2qAA/nQT0dZR+AlfA@public.gmane.org> wrote:> I was wondering if there was any way to set the ''Return-Path'' of an > email when using ActionMailer.I believe this is an MTA configuration issue. If you send the mail by SMTP, the MTA typically sets the Return-Path header to be the same as the envelope sender. Afaik, there is no way around this without changing the MTA configuration. Talk to your sysadmin. If you send it with sendmail, some systems allow you to specify the sender address with the -f option, but this normally means that the user running the process that sends the mail must be a trusted user. But I don''t even know if there is a way to specidy the -f option with ActionMailer. -- Regards, Stian Grytøyr
Guan Yang
2005-Mar-09 09:12 UTC
Re: How to set ''Return-Path'' in ActionMailer to avoid SPF failure?
On 9 Mar 2005, at 9:37, Stian Grytøyr wrote:> Jack DeNeut <jdeneut-4GWaZ2qAA/nQT0dZR+AlfA@public.gmane.org> wrote: > >> I was wondering if there was any way to set the ''Return-Path'' of an >> email when using ActionMailer. > > I believe this is an MTA configuration issue. If you send the mail > by SMTP, the MTA typically sets the Return-Path header to be the > same as the envelope sender. Afaik, there is no way around this > without changing the MTA configuration. Talk to your sysadmin. > > If you send it with sendmail, some systems allow you to specify > the sender address with the -f option, but this normally means that > the user running the process that sends the mail must be a trusted > user. But I don''t even know if there is a way to specidy the -f option > with ActionMailer.It''s not an MTA configuration issue. Actually, it''s even easier to set Return-Path when you''re sending with SMTP, because Return-Path is simply the envelope sender address. Consider: [guan@guanmac guan]$ telnet unicast.org 25 Trying 213.150.32.36... Connected to unicast.org. Escape character is ''^]''. 220 charon.unicast.org ESMTP ehlo localhost 250-charon.unicast.org 250-AUTH LOGIN CRAM-MD5 PLAIN 250-AUTH=LOGIN CRAM-MD5 PLAIN 250-PIPELINING 250 8BITMIME mail from:<fake-return-path-Tn7NQuJrROJAfugRpC6u6w@public.gmane.org> 250 ok rcpt to:<guan-Tn7NQuJrROJAfugRpC6u6w@public.gmane.org> 250 ok data 354 go ahead From: real-return-path-Tn7NQuJrROJAfugRpC6u6w@public.gmane.org To: guan-Tn7NQuJrROJAfugRpC6u6w@public.gmane.org Subject: I''m faking it! . 250 ok 1110359482 qp 1884 quit 221 charon.unicast.org Connection closed by foreign host. The address that I''ve entered in the mail from line, fake-return-path-Tn7NQuJrROJAfugRpC6u6w@public.gmane.org, is known as the envelope sender in the SMTP world, and shows up as return-path when I receive the message. Of course, I don''t actually know how to set it using ActionMailer ;-) Guan
Stian Grytøyr
2005-Mar-09 09:27 UTC
Re: How to set ''Return-Path'' in ActionMailer to avoid SPF failure?
Guan Yang <guan-Tn7NQuJrROJAfugRpC6u6w@public.gmane.org> wrote:> It''s not an MTA configuration issue. Actually, it''s even easier to set > Return-Path when you''re sending with SMTP, because Return-Path is > simply the envelope sender address. Consider:I may have misread OP, but I got the impression that he needed to set the Return-Path to something different from the envelope sender address. In that case, you''d need to configure the MTA to _not_ set the Return-Path to the same as the envelope sender address. -- Regards, Stian Grytøyr
Stian Grytøyr
2005-Mar-09 10:29 UTC
Re: How to set ''Return-Path'' in ActionMailer to avoid SPF failure?
Stian Grytøyr <sgrytoyr-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> I may have misread OP, but I got the impression that he needed to > set the Return-Path to something different from the envelope sender > address. In that case, you''d need to configure the MTA to _not_ set > the Return-Path to the same as the envelope sender address.I need to correct myself here. It is not possible to have a Return-Path that is different from the envelope sender address, no matter how much you configure the local MTA. At least that''s my conclusion after discussing this with Guan off-list. SPF uses the envelope sender address to determine whether or not the mail should pass. The Return-Path header is then added by the last MTA. My tests seem to confirm this. There is no Return-Path in the headers as the mail goes over the network from the originating MTA to the recipient''s MTA. -- Regards, Stian Grytøyr
Sebastian Kanthak
2005-Mar-09 19:51 UTC
Re: How to set ''Return-Path'' in ActionMailer to avoid SPF failure?
Stian Grytøyr wrote:>SPF uses the envelope sender address to determine whether or not >the mail should pass. The Return-Path header is then added by the >last MTA. My tests seem to confirm this. There is no Return-Path in >the headers as the mail goes over the network from the originating MTA >to the recipient''s MTA. > > >the Return-Path header is a qmail-specific header. The last (qmail) MTA sets it to the envelope address it got when receiving the mail via SMTP. Sendmail does the same thing, but writes a "From a@b.com" (without a colon) in the first line of the mbox. When using SMTP you can set the envelope from address to whatever you want as was shown earlier in this thread. Sebastian
Michael Koziarski
2005-Mar-09 20:01 UTC
Re: How to set ''Return-Path'' in ActionMailer to avoid SPF failure?
On Wed, 9 Mar 2005 08:37:59 +0100, Jack DeNeut <jdeneut-4GWaZ2qAA/nQT0dZR+AlfA@public.gmane.org> wrote:> I was wondering if there was any way to set the ''Return-Path'' of an > email when using ActionMailer. Without the ability to set the > ''Return-Path'' of an email, it is impossible to avoid being labeled as > ''spam'' by many SMTP gateways if trying to send mail on another''s > behalf. SPF doesn''t care about the ''from'' line in an email, only the > ''Return-Path''.It strikes me that what you''re trying to do is the *reason* SPF was created. If it were easy for any old person to set the relevant headers SPF would be .... useless. Have I missed something?> Why would I want to do that? Because I am working as a consultant for > another company, and when responding to bug reports I want to make > things easier for the users by replying ''from'' the client''s domain. > Unfortunately, they can''t give me access to their SMTP server (they''re > afraid to muck with sendmail and so I get ''can not relay'' when I use > their SMTP gateway). > > For example, here are the headers from a mail I sent to myself using > ActionMailer. As you can see, Gmail has marked it as ''fail'' (in > ''Received-SPF'') : > > X-Gmail-Received: aac7ac60620782da0f1e605962a47ceaf022a2d0 > Delivered-To: jdeneut-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org > Received: by 10.38.12.43 with SMTP id 43cs8575rnl; > Tue, 8 Mar 2005 22:51:57 -0800 (PST) > Received: by 10.38.82.76 with SMTP id f76mr547559rnb; > Tue, 08 Mar 2005 22:51:57 -0800 (PST) > Return-Path: <do-not-reply-5tc4TXWwyLM@public.gmane.org> > Received: from omta16.mta.everyone.net (sitemail2.everyone.net > [216.200.145.36]) > by mx.gmail.com with ESMTP id 71si394734rna.2005.03.08.22.51.56; > Tue, 08 Mar 2005 22:51:56 -0800 (PST) > Received-SPF: fail (gmail.com: domain of do-not-reply-5tc4TXWwyLM@public.gmane.org does not > designate 216.200.145.36 as permitted sender) > Received: from pmta01.mta.everyone.net (bigiplb-dsnat [172.16.0.19]) > by omta16.mta.everyone.net (Postfix) with ESMTP id 301233FDA8 > for <jdeneut-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>; Tue, 8 Mar 2005 22:51:55 -0800 (PST) > X-Eon-Sig: AQIdLpBCLp0L6UAQSwIAAAAB,99b3d5966c8c0368c842a831fa4ddfdd > Received: from smtp.everyone.net (62.245.95.172 [62.245.95.172]) > by pmta01.mta.everyone.net (EON-AUTHRELAY) with ESMTP id 24AB116D > for <jdeneut-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>; Tue, 8 Mar 2005 22:51:55 -0800 > Date: Wed, 9 Mar 2005 07:51:53 +0100 > From: do-not-reply-5tc4TXWwyLM@public.gmane.org > To: jdeneut-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org > Subject: =Thank you for your bug report > Content-Type: text/plain; charset=utf-8 > Message-Id: <20050309065155.301233FDA8-CkVda1wFVPjdi7ou1J7GeDGekZJkHWME@public.gmane.org> > > I tried this: > class MyMailer < ActionMailer::Base > def my_mail(recipients, post) > @headers["Return-Path"] = "jdeneut-4GWaZ2qAA/nQT0dZR+AlfA@public.gmane.org" > end > end > > but it doesn''t work (trying to set the ''Return-Path'' by playing with > the headers doesn''t work in JavaMail either. Java has an SMTP wrapper > for setting ''Return-Path''). I''ve looked in TMail as well, but didn''t > see it there. Is this even supported in Ruby (setting the > ''Return-Path'')? > > Regards, > > Jack DeNeut > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >-- Cheers Koz
Guan Yang
2005-Mar-09 20:16 UTC
Re: How to set ''Return-Path'' in ActionMailer to avoid SPF failure?
On 9 Mar 2005, at 20:51, Sebastian Kanthak wrote:> the Return-Path header is a qmail-specific header.Return-Path is defined in RFC2821 section 4.4. It''s not qmail specific. Guan
Sebastian Kanthak
2005-Mar-09 21:35 UTC
Re: How to set ''Return-Path'' in ActionMailer to avoid SPF failure?
Hi, Michael Koziarski wrote:>On Wed, 9 Mar 2005 08:37:59 +0100, Jack DeNeut <jdeneut-4GWaZ2qAA/nQT0dZR+AlfA@public.gmane.org> wrote: > > >>I was wondering if there was any way to set the ''Return-Path'' of an >>email when using ActionMailer. Without the ability to set the >>''Return-Path'' of an email, it is impossible to avoid being labeled as >>''spam'' by many SMTP gateways if trying to send mail on another''s >>behalf. SPF doesn''t care about the ''from'' line in an email, only the >>''Return-Path''. >> >> > >It strikes me that what you''re trying to do is the *reason* SPF was >created. If it were easy for any old person to set the relevant >headers SPF would be .... useless. > >Have I missed something? > > >AFAIK, what SPF does, is to check whether the domain of the Return-Path address and the IP-address of the last SMTP server that sent the message (can be found in the last "Received:" header and can not be manipulated as it is added by the receiving mail server) match. "Match" means that you check a special DNS entry to see, if this IP is authorized to send e-mails with the domain used in the Return-Path. So to be SPF-compliant you have to set the Return-Path to a domain where you control DNS and have a DNS entry that permits your IP to send e-mails with this domain in the Return-Path. So in the scenario described, you are fine, when you set the from-address to the value supplied by the user, but the Return-Path address to a mailbox in your domain. This means that you''ll get bounces and that it is clear, who is responsible for the e-mail. Hope this explanation was mostly correct... Sebastian