[conspire] spf and relay

Ivan Sergio Borgonovo mail at webthatworks.it
Fri Mar 14 06:26:57 PDT 2025 


On 3/14/25 12:36 PM, Ron wrote:
> Ivan Sergio Borgonovo wrote on 2025-03-13 04:41:
> 
>> What I do is I've a postfix server at home that collect all the emails 
>> from my lan and relay via sender_dependent_relayhost_map and 
>> smtp_sasl_password_maps to my [service I use to manage my web space 
>> and email]. All PCs at home run a local postfix instance that relay on 
>> my main server at home.
> 
> Is your "service ... manage web space and email" is a VPS you rent?
> 
> 
> Seems like a much more simple method would be to have this:
> 
> relayhost = my_VPS
> 
> ...unless I'm misunderstanding the setup?
> 
> In re-reading, I now suspect it's through a registrar, not a VPS (SASL 
> was the clue).

I't a bit more complicated than a vps... but it is a vps.

Somehow my "email and web provider" has another postfix + their magic in 
front of my vps with my own postfix, so I don't have to deal with the 
full load of taking care of redundancy, spam, security...

I don't think I can just use one relayhost because I need authentication 
and that's not the only MTA I'm relaying on.

> Should you want to strip out headers revealing the originating IP 
> address, since it's your home IP, try this in /etc/postfix/main.cf:
> 
> header_checks = regexp:/etc/postfix/header_checks.pcre
> 
> and in /etc/postfix/header_checks.pcre:
> 
> ## https://www.postfix.org/header_checks.5.html
> ##
> ## Log  a  "strip:"  record  with  the  optional  text... (or log a
> ## generic text), delete the input line from the input, and inspect
> ## the next input line. See IGNORE for a silent alternative.
> /your.isp.com/                        STRIP "Stripped ISP from header"

Interesting but I'd prefer to keep that information in the header 
sometimes it is useful for diagnostics eg. when I send emails from my 
phone I send it directly through my vps.

Second I'd like to understand better if the fact that my home server is 
listed in the Received as the "originator" and not eg. in the spf record 
is OK or not according to the STANDARD and according to what may 
actually happen.

thanks

-- 
Ivan Sergio Borgonovo
https://www.webthatworks.it https://www.borgonovo.net

More information about the conspire mailing list