Hcfyk

Does higher resolution in an image imply more bits per pixel?

Junior developer struggles: how to communicate with management?

My ID is expired, can I fly to the Bahamas with my passport

Visa for volunteering in England

Is it always OK to ask for a copy of the lecturer's slides?

Historically, were women trained for obligatory wars? Or did they serve some other military function?

Why do computer-science majors learn calculus?

I caught several of my students plagiarizing. Could it be my fault as a teacher?

How to implement float hashing with approximate equality

Which skill should be used for secret doors or traps: Perception or Investigation?

How do I tell my manager that his code review comment is wrong?

What are the spoon bit of a spoon and fork bit of a fork called?

Why are there synthetic chemicals in our bodies? Where do they come from?

What is the limiting factor for a CAN bus to exceed 1Mbps bandwidth?

Binary Numbers Magic Trick

Can a cyclic Amine form an Amide?

Feels like I am getting dragged into office politics

A non-technological, repeating, phenomenon in the sky, holding its position in the sky for hours

How could a planet have most of its water in the atmosphere?

How to get SEEK accessing converted ID via view

When and why did journal article titles become descriptive, rather than creatively allusive?

Is lying to get "gardening leave" fraud?

How to back up a running Linode server?

Meaning of "individuandum"

Can MTA send mail via a relay without being told so?

relay mail from one postfix server to anotherZimbra doesn't send mail via smtp relay anmorePostfix: 'Relay access denied' - all incoming mail is rejectedSetting up SPF and initial questionsUsing SPF for spoof protectionCan't send mail from own server to GoogleAllowing a partially trusted server to send mail for one given address via SPF / DKIMSPF with -all includes directive with ~all?Setting SPF record for mail relay servers to avoid softfailSPF setup for mail and relay server

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

4

I'm thinking of adding an SPF to a domain. So I'm concerned if there are circumstances under which my MTA would use some relay when sending mail. Like, when the destination servers are too busy or something? I'm mainly interested in postfix's or exim's default settings.

email postfix exim spf

share|improve this question

asked Mar 30 at 13:45

x-yurix-yuri

449816

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  On the sending site MTAs can use long chains of relays, that’s typical In an enterprise setting, passing through site local installations, enterprise Gateways, spam filters and possibly a public cloud/isp service for sending, The chain is however configured or enforced privately. Once the public MTA sends it only picks a primary or secondary MX. It is not uncommon to use secondary MXs of your provider and your filtering must deal with it. It is however something you configure with your MX DNS records, so it is configured by the recipient admins.
  
  – eckes
  Mar 30 at 20:34
  

  
  
  
  

add a comment | 

4

I'm thinking of adding an SPF to a domain. So I'm concerned if there are circumstances under which my MTA would use some relay when sending mail. Like, when the destination servers are too busy or something? I'm mainly interested in postfix's or exim's default settings.

email postfix exim spf

share|improve this question

asked Mar 30 at 13:45

x-yurix-yuri

449816

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  On the sending site MTAs can use long chains of relays, that’s typical In an enterprise setting, passing through site local installations, enterprise Gateways, spam filters and possibly a public cloud/isp service for sending, The chain is however configured or enforced privately. Once the public MTA sends it only picks a primary or secondary MX. It is not uncommon to use secondary MXs of your provider and your filtering must deal with it. It is however something you configure with your MX DNS records, so it is configured by the recipient admins.
  
  – eckes
  Mar 30 at 20:34
  

  
  
  
  

add a comment | 

I'm thinking of adding an SPF to a domain. So I'm concerned if there are circumstances under which my MTA would use some relay when sending mail. Like, when the destination servers are too busy or something? I'm mainly interested in postfix's or exim's default settings.

email postfix exim spf

share|improve this question

asked Mar 30 at 13:45

x-yurix-yuri

449816

share|improve this question

asked Mar 30 at 13:45

x-yurix-yuri

449816

share|improve this question

asked Mar 30 at 13:45

x-yurix-yuri

449816

asked Mar 30 at 13:45

x-yurix-yuri

449816

asked Mar 30 at 13:45

x-yurix-yuri

449816

3 Answers
3

active

oldest

votes

12

No, if you don’t configure any relay (and don’t fiddle around on the network layer) , an MTA will try to deliver to whatever DNS says should get the mail.

share|improve this answer

answered Mar 30 at 13:53

Sven♦Sven

88k10148202

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Can you please check out the other answer? The answers differ because yours targets part of the way from sending MTA to MX-server, and the other one from MX-server to the destination server (those last two might apparently match)? In other words, sending MTA would not use a relay unless told so, but after reaching MX-server an email might be relayed or forwarded elsewhere, is this it? Or the other answer is incorrect?
  
  – x-yuri
  Apr 17 at 19:47
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  My answer deals with your question as written (and is correct as such :)). The other answers takes as step back, looking at the whole picture and explains why having an SPF record and no "accidental relay" is not necessarily enough to guarantee mail delivery. It's a good answer that rises important points, but in a strict sense,it doesn't correctly answer your question as written (but again: it's a good answer, don't ignore it).
  
  – Sven♦
  Apr 17 at 21:58
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The thing is: Mail is a mess, and "modern" additions like SPF, DKIM or DMARC have a tendency to create new problems that require us to consider a wider view then originally necessary. Traditionally, a mail server would drop off mail at the remote MX and it didn't need to care at all what happens afterwards. SPF can make this important again.
  
  – Sven♦
  Apr 17 at 21:59
  
  

  
  
  
  

add a comment | 

4

I'm concerned if there are circumstances under which my MTA would use
some relay when sending mail.

No. Your server will attempt to send email to the server whose host is described by the MX record(s) for the destination domain.

share|improve this answer

edited Mar 31 at 1:32

Lightness Races in Orbit

275416

answered Mar 30 at 16:53

joeqwertyjoeqwerty

96.8k465149

add a comment | 

3

Of course there is. If you send mail from an address x-yuri@example.com and the recipient is john@nice-domain.com you don't know whether it will relay that mail. You will often see the situation that the mail lands finally in john.priv@google.com and you will get a report from google.com who report a quarantined message because of SPF failure.

This is why you always need DMARC and DKIM, and SPF is your backup mechanism for (rare) cases when DKIM fails on you. A good description is in chapter 1 and 2 of RFC 7489 (DMARC).

share|improve this answer

edited Apr 15 at 20:50

answered Apr 13 at 9:02

kubanczykkubanczyk

10.7k32946

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Isn't what you're talking about is forwarding, not relaying?
  
  – x-yuri
  Apr 15 at 11:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @x-yuri You're right. Since these situations are indistinguishable and I think relevant in your scenario, I've reframed your question.
  
  – kubanczyk
  Apr 15 at 13:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  AFAICT, the question and the other answers are about the sending side. Changing the question would invalidate the answers. Or not? But we can probably have a tangential answer. Although I have questions. You're talking about forwarding alone, or both (forwarding + relaying)? "Does SPF break forwarding? Yes, but only if the receiver checks SPF without understanding their mail receiving architecture." Can't I rely on most of the receivers to behave properly?
  
  – x-yuri
  Apr 15 at 19:51
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Let it be a tangential answer. Forwarding is a real concern for a sender who wants to avoid phishing attempts. Re-mailing is not even an option nowadays - you are using outdated docs. What you probably need to read is chapter 1 and 2 of RFC 7489 (DMARC).
  
  – kubanczyk
  Apr 15 at 20:48
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I'm really not sure what those two chapters were supposed to explain. I've set up SPF, DKIM and DMARC for a couple of domains lately. Let's put things straight. We're talking about a part of the path where an email has reached the MX-server? Do your concerns has to do with forwarding, or both? Also, I'm surprised the other answers have received so many upvotes if what you're saying is true. Is this because of the way I have worded the question? The other answers are about a part of the way where an email hasn't reached the MX-server? @Sven @joeqwerty Can you confirm?
  
  – x-yuri
  Apr 16 at 11:13
  

  
  
  
  

 | 
show 1 more comment

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f960748%2fcan-mta-send-mail-via-a-relay-without-being-told-so%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

12

No, if you don’t configure any relay (and don’t fiddle around on the network layer) , an MTA will try to deliver to whatever DNS says should get the mail.

share|improve this answer

answered Mar 30 at 13:53

Sven♦Sven

88k10148202

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Can you please check out the other answer? The answers differ because yours targets part of the way from sending MTA to MX-server, and the other one from MX-server to the destination server (those last two might apparently match)? In other words, sending MTA would not use a relay unless told so, but after reaching MX-server an email might be relayed or forwarded elsewhere, is this it? Or the other answer is incorrect?
  
  – x-yuri
  Apr 17 at 19:47
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  My answer deals with your question as written (and is correct as such :)). The other answers takes as step back, looking at the whole picture and explains why having an SPF record and no "accidental relay" is not necessarily enough to guarantee mail delivery. It's a good answer that rises important points, but in a strict sense,it doesn't correctly answer your question as written (but again: it's a good answer, don't ignore it).
  
  – Sven♦
  Apr 17 at 21:58
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The thing is: Mail is a mess, and "modern" additions like SPF, DKIM or DMARC have a tendency to create new problems that require us to consider a wider view then originally necessary. Traditionally, a mail server would drop off mail at the remote MX and it didn't need to care at all what happens afterwards. SPF can make this important again.
  
  – Sven♦
  Apr 17 at 21:59
  
  

  
  
  
  

add a comment | 

12

No, if you don’t configure any relay (and don’t fiddle around on the network layer) , an MTA will try to deliver to whatever DNS says should get the mail.

share|improve this answer

answered Mar 30 at 13:53

Sven♦Sven

88k10148202

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Can you please check out the other answer? The answers differ because yours targets part of the way from sending MTA to MX-server, and the other one from MX-server to the destination server (those last two might apparently match)? In other words, sending MTA would not use a relay unless told so, but after reaching MX-server an email might be relayed or forwarded elsewhere, is this it? Or the other answer is incorrect?
  
  – x-yuri
  Apr 17 at 19:47
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  My answer deals with your question as written (and is correct as such :)). The other answers takes as step back, looking at the whole picture and explains why having an SPF record and no "accidental relay" is not necessarily enough to guarantee mail delivery. It's a good answer that rises important points, but in a strict sense,it doesn't correctly answer your question as written (but again: it's a good answer, don't ignore it).
  
  – Sven♦
  Apr 17 at 21:58
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The thing is: Mail is a mess, and "modern" additions like SPF, DKIM or DMARC have a tendency to create new problems that require us to consider a wider view then originally necessary. Traditionally, a mail server would drop off mail at the remote MX and it didn't need to care at all what happens afterwards. SPF can make this important again.
  
  – Sven♦
  Apr 17 at 21:59
  
  

  
  
  
  

add a comment | 

No, if you don’t configure any relay (and don’t fiddle around on the network layer) , an MTA will try to deliver to whatever DNS says should get the mail.

share|improve this answer

answered Mar 30 at 13:53

Sven♦Sven

88k10148202

share|improve this answer

answered Mar 30 at 13:53

Sven♦Sven

88k10148202

answered Mar 30 at 13:53

Sven♦Sven

88k10148202

answered Mar 30 at 13:53

Sven♦Sven

88k10148202

4

I'm concerned if there are circumstances under which my MTA would use
some relay when sending mail.

No. Your server will attempt to send email to the server whose host is described by the MX record(s) for the destination domain.

share|improve this answer

edited Mar 31 at 1:32

Lightness Races in Orbit

275416

answered Mar 30 at 16:53

joeqwertyjoeqwerty

96.8k465149

add a comment | 

4

I'm concerned if there are circumstances under which my MTA would use
some relay when sending mail.

No. Your server will attempt to send email to the server whose host is described by the MX record(s) for the destination domain.

share|improve this answer

edited Mar 31 at 1:32

Lightness Races in Orbit

275416

answered Mar 30 at 16:53

joeqwertyjoeqwerty

96.8k465149

add a comment | 

I'm concerned if there are circumstances under which my MTA would use
some relay when sending mail.

No. Your server will attempt to send email to the server whose host is described by the MX record(s) for the destination domain.

share|improve this answer

edited Mar 31 at 1:32

Lightness Races in Orbit

275416

answered Mar 30 at 16:53

joeqwertyjoeqwerty

96.8k465149

share|improve this answer

edited Mar 31 at 1:32

Lightness Races in Orbit

275416

answered Mar 30 at 16:53

joeqwertyjoeqwerty

96.8k465149

edited Mar 31 at 1:32

Lightness Races in Orbit

275416

edited Mar 31 at 1:32

Lightness Races in Orbit

275416

answered Mar 30 at 16:53

joeqwertyjoeqwerty

96.8k465149

answered Mar 30 at 16:53

joeqwertyjoeqwerty

96.8k465149

3

Of course there is. If you send mail from an address x-yuri@example.com and the recipient is john@nice-domain.com you don't know whether it will relay that mail. You will often see the situation that the mail lands finally in john.priv@google.com and you will get a report from google.com who report a quarantined message because of SPF failure.

This is why you always need DMARC and DKIM, and SPF is your backup mechanism for (rare) cases when DKIM fails on you. A good description is in chapter 1 and 2 of RFC 7489 (DMARC).

share|improve this answer

edited Apr 15 at 20:50

answered Apr 13 at 9:02

kubanczykkubanczyk

10.7k32946

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Isn't what you're talking about is forwarding, not relaying?
  
  – x-yuri
  Apr 15 at 11:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @x-yuri You're right. Since these situations are indistinguishable and I think relevant in your scenario, I've reframed your question.
  
  – kubanczyk
  Apr 15 at 13:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  AFAICT, the question and the other answers are about the sending side. Changing the question would invalidate the answers. Or not? But we can probably have a tangential answer. Although I have questions. You're talking about forwarding alone, or both (forwarding + relaying)? "Does SPF break forwarding? Yes, but only if the receiver checks SPF without understanding their mail receiving architecture." Can't I rely on most of the receivers to behave properly?
  
  – x-yuri
  Apr 15 at 19:51
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Let it be a tangential answer. Forwarding is a real concern for a sender who wants to avoid phishing attempts. Re-mailing is not even an option nowadays - you are using outdated docs. What you probably need to read is chapter 1 and 2 of RFC 7489 (DMARC).
  
  – kubanczyk
  Apr 15 at 20:48
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I'm really not sure what those two chapters were supposed to explain. I've set up SPF, DKIM and DMARC for a couple of domains lately. Let's put things straight. We're talking about a part of the path where an email has reached the MX-server? Do your concerns has to do with forwarding, or both? Also, I'm surprised the other answers have received so many upvotes if what you're saying is true. Is this because of the way I have worded the question? The other answers are about a part of the way where an email hasn't reached the MX-server? @Sven @joeqwerty Can you confirm?
  
  – x-yuri
  Apr 16 at 11:13
  

  
  
  
  

 | 
show 1 more comment

3

Of course there is. If you send mail from an address x-yuri@example.com and the recipient is john@nice-domain.com you don't know whether it will relay that mail. You will often see the situation that the mail lands finally in john.priv@google.com and you will get a report from google.com who report a quarantined message because of SPF failure.

This is why you always need DMARC and DKIM, and SPF is your backup mechanism for (rare) cases when DKIM fails on you. A good description is in chapter 1 and 2 of RFC 7489 (DMARC).

share|improve this answer

edited Apr 15 at 20:50

answered Apr 13 at 9:02

kubanczykkubanczyk

10.7k32946

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Isn't what you're talking about is forwarding, not relaying?
  
  – x-yuri
  Apr 15 at 11:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @x-yuri You're right. Since these situations are indistinguishable and I think relevant in your scenario, I've reframed your question.
  
  – kubanczyk
  Apr 15 at 13:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  AFAICT, the question and the other answers are about the sending side. Changing the question would invalidate the answers. Or not? But we can probably have a tangential answer. Although I have questions. You're talking about forwarding alone, or both (forwarding + relaying)? "Does SPF break forwarding? Yes, but only if the receiver checks SPF without understanding their mail receiving architecture." Can't I rely on most of the receivers to behave properly?
  
  – x-yuri
  Apr 15 at 19:51
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Let it be a tangential answer. Forwarding is a real concern for a sender who wants to avoid phishing attempts. Re-mailing is not even an option nowadays - you are using outdated docs. What you probably need to read is chapter 1 and 2 of RFC 7489 (DMARC).
  
  – kubanczyk
  Apr 15 at 20:48
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I'm really not sure what those two chapters were supposed to explain. I've set up SPF, DKIM and DMARC for a couple of domains lately. Let's put things straight. We're talking about a part of the path where an email has reached the MX-server? Do your concerns has to do with forwarding, or both? Also, I'm surprised the other answers have received so many upvotes if what you're saying is true. Is this because of the way I have worded the question? The other answers are about a part of the way where an email hasn't reached the MX-server? @Sven @joeqwerty Can you confirm?
  
  – x-yuri
  Apr 16 at 11:13
  

  
  
  
  

 | 
show 1 more comment

Of course there is. If you send mail from an address x-yuri@example.com and the recipient is john@nice-domain.com you don't know whether it will relay that mail. You will often see the situation that the mail lands finally in john.priv@google.com and you will get a report from google.com who report a quarantined message because of SPF failure.

This is why you always need DMARC and DKIM, and SPF is your backup mechanism for (rare) cases when DKIM fails on you. A good description is in chapter 1 and 2 of RFC 7489 (DMARC).

share|improve this answer

edited Apr 15 at 20:50

answered Apr 13 at 9:02

kubanczykkubanczyk

10.7k32946

share|improve this answer

edited Apr 15 at 20:50

answered Apr 13 at 9:02

kubanczykkubanczyk

10.7k32946

answered Apr 13 at 9:02

kubanczykkubanczyk

10.7k32946

answered Apr 13 at 9:02

kubanczykkubanczyk

10.7k32946