[fetchmail] Does SPF break fetchmail?
Rob Funk
rfunk@funknet.net
Fri, 8 Jul 2005 14:11:23 -0400
Neil Harkins wrote:
> Hi. I used fetchmail for a few projects over the past 10 years,
> and was curious how it deals with SPF (Sender Policy Framework,
> http://spf.pobox.com).
Some links I collected when considering whether to use SPF on my mail
server:
http://homepages.tesco.net./~J.deBoynePollard/FGA/smtp-spf-is-harmful.html
http://bradknowles.typepad.com/considered_harmful/2004/05/spf.html
http://david.woodhou.se/why-not-spf.html
I decided not to enforce SPF.
I'm sure Matthias also has thoughts on the topic.
> If fetchmail retrieves a remote message, then resubmits it locally
> on port 25 with the original sender on the envelope, those messages
> would be blocked if the local server is enforcing SPF, because the
> local machine's IP isn't listed as a valid sender for the domain
> which originally sent the mail. :(
That's what you asked for if you enforce SPF.
> I see in the fetchmail 5.0 feature list that:
> * Fetchmail can be told to fall back to delivering
> via local sendmail if it can't open port 25.
> Is there any way to make that the primary behavior
> instead of just a "fall-back"?
I think you're looking for the mda option (which wasn't intended for this
purpose), though I'm not sure that'll solve your SPF problem.
> Anyway, any thoughts on the matter would be greatly appreciated!
Thoughts? If you use SPF at all, use it as a small part of a scoring
system like SpamAssassin, which along with the scoring can also be told
which hosts are trusted and can look at Received headers rather than just
the current SMTP transaction.
SPF failure alone should not make a message be rejected.
--
==============================| "A microscope locked in on one point
Rob Funk <rfunk@funknet.net> |Never sees what kind of room that it's in"
http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind"
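
The situation discussed in this message, as an added example that is not part of the original post or of fetchmail or SpamAssassin: an SPF check against the connecting IP of the local re-injection fails, while a check against the first relay outside the trusted hosts (read from the Received headers) gives the real result and only contributes to a score. Assumptions: every host name, address, the SPF record, the score weights and the 5.0 threshold are constructed, and the evaluator handles only the ip4 and all mechanisms.

```python
import ipaddress
import re

# Constructed sample data (documentation address ranges, hypothetical hosts).
SPF_RECORDS = {"example.org": "v=spf1 ip4:192.0.2.0/24 -all"}
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "198.51.100.0/24")]
SCORES = {"fail": 2.0, "softfail": 1.0}   # assumed weights; reject threshold 5.0
RECEIVED = [  # newest first, as the headers appear in the delivered message
    "from localhost (localhost [127.0.0.1]) by home.example with ESMTP",
    "from pop.isp.example [198.51.100.10] by localhost with POP3 (fetchmail)",
    "from mail.example.org (mail.example.org [192.0.2.25]) by pop.isp.example",
]

def spf_result(domain, client_ip):
    """Evaluate only the ip4 and all mechanisms of a stored SPF record."""
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    names = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in names:
            qual, term = term[0], term[1:]
        if term == "all":
            return names[qual]
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return names[qual]
    return "neutral"

def first_untrusted_ip(received):
    """Return the newest relay IP that is outside the trusted networks."""
    for header in received:
        match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed address literal: ignore this header
        if not any(ip in net for net in TRUSTED):
            return str(ip)
    return None

def spf_score(envelope_from, received):
    """SPF result for the relay at the trust boundary, as a score, not a verdict."""
    ip = first_untrusted_ip(received)
    result = spf_result(envelope_from.rsplit("@", 1)[-1], ip) if ip else "none"
    return result, SCORES.get(result, 0.0)
```

Calling spf_result("example.org", "127.0.0.1") reproduces the rejection described in the quoted question; spf_score("alice@example.org", RECEIVED) evaluates the same message at the trust boundary.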