Poor man's mailing list that works without SPF problems

This document describes the implementation of a poor man's mailing list which doesn't run into the SPF forwarding problem described below. I couldn't find any solution that fit my problem well. Forwarding your personal email to another address isn't covered in this document. You will find other, better-described sources for that.

SPF (Sender Policy Framework) is a spam prevention system. A receiving server only accepts mail from the mail servers that the sender's domain lists in its name server records.

SPF breaks the mail forwarding process that has been in use for more than a decade. An example:
The mail address foo@bar.tld gets forwarded to bla@fasel.tld using a Unix .forward file, procmail, /etc/aliases or Postfix virtual maps (among many other possibilities).
Now user bar@gmx.de sends an email to foo@bar.tld. The mail server bar.tld accepts this mail and forwards it to bla@fasel.tld. The mail server fasel.tld checks the SPF record of gmx.de

$ host -t txt gmx.de
gmx.de text "v=spf1 ip4:213.165.64.0/23 -all"

and sees "Mail from sender bar@gmx.de is only allowed from servers in the subnet 213.165.64.0/23". So the mail server fasel.tld rejects the mail, because bar.tld isn't an allowed sender of mail from gmx.de, and bar@gmx.de won't get his email through.

Besides this problem, SPF is much more broken by design, as a quick Google search will show you. But this is discussed in other articles.

Now, we are all lazy. We don't need majordomo, mailman or any other mailing list manager if we just need one address which gets forwarded to a handful of email addresses. In the past we wrote

mailinglist: email1@host1.tld, email2@host2.tld, email3@host3.tld

in our /etc/aliases file and were happy. Since SPF is used by some providers and companies, we could run into problems with it. So, how can we handle it without installing a mailing list manager or SRS (Sender Rewriting Scheme)?

First you need a configured procmail so it won't screw up our mail. Then we forward all mail for mailinglist to our user account (this also saves us from using sudo every time we add or remove a user from this list):

mailinglist: user_on_this_server

In our user_on_this_server account we write the following rules at a good place (for example at the beginning) in /home/user_on_this_server/.procmailrc:

## ----------------------------------------------------------------------------
##  Poor man mailinglist
## ----------------------------------------------------------------------------
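## Filter the header (f = filter, h = header only, w = wait for formail):
## formail -i renames an existing Sender: line to Old-Sender: and adds ours.
:0 fhw
* ^To:.*mailinglist@mydomain.tld.*
* !^Old-Sender:.*@.*
| formail -i"Sender: mailinglist@mydomain.tld"

## Forward list mail unless it is a bounce or already carries Old-Sender:.
:0
* ^Sender:.*mailinglist@mydomain.tld.*
* !^FROM_DAEMON
* !^Old-Sender:.*@.*
! email1@host1.tld,email2@host2.tld,email3@host3.tld

Now there shouldn't be any SPF-caused bounces anymore.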

How does it work? First we change the Sender (the original Sender line gets renamed to Old-Sender), so it avoids SPF bounces. Then we forward the mail.
We need the Old-Sender check to avoid sending an email twice (or more often, depending on the MTA) to the mailing list users, which only happens if mail also gets forwarded to an address that this procmailrc handles mail for. The FROM_DAEMON condition checks whether a mail is a bounce and keeps such mails from being forwarded.

If we want to receive this email with this user account, too, we should use

:0 c

as the start of the last recipe, in place of the plain :0. This means that a copy gets mailed to all the email addresses.

Never forget, there is more than one way to do it!


uhrig.eu.org/unix/
$Id: index.html,v 1.1 2008-06-10 01:12:00 volker Exp $