
postfix-mta: Milter for SPF?


Is it possible to use a milter under postfix to implement SPF?

It seems to me that this would not be possible, because of the way that postfix manages milters.

According to the postfix docs, the milter goes here in the message-processing chain:

Network => postfix smtpd process => MILTER => postfix smtpd process => etc.

Given that the milter gets its message from the postfix smtpd, the milter will see its initial connection coming from postfix's IP address. This would mean that the milter has no knowledge of the original sender's IP address.

SPF needs the sender's IP, so it seems like it would be impossible to perform a proper SPF validation from within a postfix milter.

This seems to be exactly what is happening when I install a test milter into my postfix server.

Am I correct about this, or has anyone been able to implement SPF via a postfix milter?

Thanks in advance.


Solution

  • OK. I understand the issue better now. Apparently, the milter implementation I'm using is not properly setting {client_addr}. I will assume that my issue is that of the underlying milter implementation that I'm using (a recent version of pymilter).

    Also, I figured out that I can work around this issue as follows: postfix puts the client's hostname and IP address into the topmost "Received" header that it sets before sending the message to the milter. I can therefore parse this first "Received" header in the milter to get the client address that I need for SPF.
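
The workaround described in the answer above, sketched as an added example that is not part of the original post: extract the client address from the topmost "Received" header and validate it before handing it to an SPF check. The function name `client_ip_from_received`, the `(name, value)` header list and the `from helo (rdns [address])` layout are assumptions, and the sample headers are constructed.

```python
import ipaddress
import re

# "from <helo> (<rdns> [<address>])" at the start of the header value.
# Assumed layout; adjust the pattern if your MTA writes it differently.
_CLIENT = re.compile(r"^from\s+\S+\s+\(\S+\s+\[(?P<addr>[^\]\s]+)\]\)", re.I)


def client_ip_from_received(headers):
    """Return the client IP from the topmost Received header, or None.

    `headers` is a list of (name, value) pairs in the order the milter saw
    them. Only the first Received header is used: it is the one written by
    the local MTA, while every Received header below it was supplied by
    the sending side and must not be trusted for SPF.
    """
    for name, value in headers:
        if name.lower() != "received":
            continue
        # Unfold continuation lines (line break followed by whitespace).
        flat = re.sub(r"\r?\n[ \t]+", " ", value).strip()
        match = _CLIENT.match(flat)
        if match is None:
            return None  # never fall through to sender-controlled headers
        addr = match.group("addr")
        if addr.lower().startswith("ipv6:"):  # IPv6 literals carry a tag
            addr = addr[5:]
        try:
            return ipaddress.ip_address(addr)
        except ValueError:
            return None  # e.g. "[unknown]" or other non-address text
    return None


# Constructed sample: the first Received is the local MTA's, the second
# stands for a header that arrived with the message.
SAMPLE = [
    ("Received", "from mail.example.net (mail.example.net [192.0.2.25])\n"
                 "\tby mx.example.org (Postfix) with ESMTP id 4XYZ123456\n"
                 "\tfor <bob@example.org>; Tue,  2 Jan 2024 10:00:00 +0000"),
    ("Received", "from ws1 (ws1 [198.51.100.7]) by mail.example.net"),
    ("From", "alice@example.net"),
]

if __name__ == "__main__":
    print(client_ip_from_received(SAMPLE))
```

A `None` result means the address could not be established, which an SPF check should treat as "no result" rather than as a pass.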