On 02/22/2018 07:51 AM, steve76 wrote:
> ??????????
Claus is saying that when you send an email from Thunderbird, that the
mail server is receiving it, processing it for relay, and subsequently
sending it out to the world. The first stage, where Sendmail receives
the message from Thunderbird is where Claus is talking about filtering
the purported sender (RFC 821 MAIL FROM:<…> and / or RFC 822 From:
header). I.e. authenticated user A is allowed to send emails from
A...@domain1.example and A...@domain2.example but not anything else.
> You know, I am using thunderbird..
> I have a section called "settings" -> "manage Identities"
> Into this, I can create a new identities and says..
> user1 ;
us...@gmail.com
Yes, SMTP in general will allow you to specify what ever you want in the
RFC 821 MAIL FROM and the RFC 822 From: header. - This in and of
itself is a source of a lot of trouble.
> and My email address display, when I want to send an email will be :
> from
us...@gmail.com.. with no problem, sendmail will let me send this
> email.. and that's the problem
Sendmail, and most MTAs that I've tested, will let you send exactly what
you're describing.
Just because Sendmail will allow you to send it does NOT mean that the
emails will get through. There are a number of things looking for,
detecting, and reporting / blocking this very behavior.
- SPF
- DKIM
- DMARC
> On the other side, the header of the email will says..
>
> sender xxx@gmail .. IP address.. ( out IP addres ) "May be forged" ! )
> etc.......
I'm used to the "May be forged" being related to forward and reverse
DNS, particularly in conjunction with the EHLO name that you use. At
least I'm not aware of bad smtp envelope from addresses ever causing
"May be forged" messages.
> Which is not godd for IP reputation
I agree in theory. But I've never needed to worry about that in the
time that I've been administering email servers.
I think it's more important to authenticate the client that's connecting
to the server, via SMTP Authentication (or possibly via SSL
certificate?) and then smack their hands if (when) they do something
they should not be doing. After all, you have authenticated which user
account is being used to send the messages.
Things happen. Mistakes get made. Own up to them and fix them. Most
good admins that I've ever dealt with will cut you some slack if you
show that you're trying to do the correct thing.
Finally, run some standard hygiene on outgoing email and you will likely
be okay.
--
Grant. . . .
unix || die