The council talked about it and feels that documentation of how to configure your MUA and/or MTA to send emails as @gentoo.org is needed to avoid any further confusion regarding our use of SPF. I think if we all pitched in how to configure our favorite agent over the next month we could get this document complete.
The return-path isn't supposed to be set by the client -- it's supposed to be set by the last MTA in the chain. As long as the MAIL FROM header presented by the sending MTA doesn't run afoul of SPF checking, you won't have any issues. (note: you do not have to have the same MAIL FROM header as your body From: header) So, simply do not forge your return-path and you won't have any problems...
And, here is an explanation of how to use ssmtp to relay mails through dev.gentoo.org. It relays *all* mail vs. just gentoo.org mail, which isn't ideal, but is probably tenable if that's the only way a developer can get this to work... /etc/ssmtp/ssmtp.conf -------------------- mailhub=mail.gentoo.org:25 AuthUser=<your username> AuthPass=<your ~/.asmtp password> AuthMethod=CRAM-MD5 UseTLS=YES useSTARTTLS=YES --------------------
(In reply to comment #1) > So, simply do not forge your return-path and you won't have any problems... I'm curious to see how can I do this in the following (and probably most common) scenario: - dev cannot or don't wanna use @g.o infrastructure to send email - his/her MTA don't force Return-Path in any way (btw, this is the first time I hear about forcing Return-Path on MTA) - the dev use Thunderbird/Kmail
(In reply to comment #3) > - dev cannot or don't wanna use @g.o infrastructure to send email I have yet to see a situation where a dev was unable to send mail through our infrastructure. As for not wanting to, we provide that infrastructure for a reason. If you choose not to use it, that does not mean that we're obligated to ensure you can send mail other ways without any problems. > - his/her MTA don't force Return-Path in any way In fact, your MTA does. Unless it's broken. The receiving MTA uses the MAIL FROM value of the envelope as presented by the sending MTA to set the return-path header.
(In reply to comment #4) > > - his/her MTA don't force Return-Path in any way > > In fact, your MTA does. Unless it's broken. The receiving MTA uses the MAIL > FROM value of the envelope as presented by the sending MTA to set the > return-path header. Yes, I also said that when I replied to flameeyes on -dev, remember? The problem is MUA *will* use your identity in MAIL FROM value, and this is not configurable AFAIK. For instance, if I send email using mrness@gentoo.org, this will also be used in the "mail from:" SMTP command.
Any progress on this documentation?
Since nobody else has noted this yet: For mutt users, either relay your mail via the Gentoo servers, or set your envelope differently using the following in your muttrc: envelope_from_address who@example.com use_envelope_from true
here's the syntax for the qmail smtproutes file: :mail.gentoo.org USERNAME PASSWORD this will forward all mail through mail.gentoo.org ...
Of possible interest on the MUA side, I ran into this page describing msmtp, that can do per-account SMTP forwarding http://wiki.mutt.org/?LightSMTPagents/Msmtp
The document is in CVS now. http://www.gentoo.org/proj/en/infrastructure/spf-howto.xml