[fetchmail]Does SPF break fetchmail?

Matthias Andree matthias.andree@gmx.de
Sat, 09 Jul 2005 20:20:03 +0200 

Neil Harkins <nharkins@well.com> writes:

> On Sat, 9 Jul 2005, Rob MacGregor wrote:
>> On 08/07/05, Neil Harkins <nharkins@well.com> wrote:
>> > Hi. I used fetchmail for a few projects over the past 10 years,
>> > and was curious how it deals with SPF (Sender Policy Framework,
>> > http://spf.pobox.com).
>> 
>> Given that it pre-dates it, I'd say not at all :-)
>
> sendmail predates SPF, yet it can support SPF.
> fetchmail is a tool, with maintainers, that has added 
> new features to be compatible with new standards. 

Do did sendmail.

> Ultimately, mail aggregation like fetchmail is the main 
> problem with SPF. I started the thread to see if any thought 
> has been given towards making it work, instead of ignoring 
> what is an otherwise admirable anti-spam effort.

I don't have interest in SPF: it is permanently getting in my way, and
several common and prominent problems such as mail forwarding haven't
been solved yet. SPF creates more problems than it solves.

> If --mda gets around it with most mailers, then 
> it certainly seems like something worth mentioning 
> in the documentation.

--mda is weakly supported and has certain restrictions. For instance, in
multidrop mode, the MDA must be able to deliver the message to several
recipients (no MDA I know does this), --mda mode cannot bounce
undeliverable mail and so on.

You CAN however try to use the sendmail command (or compatibility
wrapper of Postfix's for instance) to carry the mail forward,
documentation in the manual page, and it must be followed literally, and
certainly not in multidrop configurations. At least bouncing would then
work in some more cases (although not in all, unless you use the
original BSD sendmail 8.12 or 8.13 or whatever is current now).

> I'm asking if that precedence can be *configured* in the conf,

No precedence, the mda-option is final and disables SMTP.

>> Adding to what others have said, you may want to configure your system
>> such that connections on the loopback interface are exempt from SPF
>> checks.  That should solve the problem.
>
> Yes, in most cases that would work, however some may use fetchmail 
> from a shell account where they don't have root. 

Then you'll have to use the mda option and replace the envelope sender.

-- 
Matthias Andree