spf-discuss
[Top] [All Lists]

Re: RE: sendmail-milter-spf-1.1.pl script and secondary MX

2004-01-09 09:12:24

> The proper way to solve your problem would be your secondary MX performing
> SPF checks as well.

Please re-read my example. The issue is that (legitimate) messages get
dropped on their way from secondary to the primary. It's not enough to
ensure that the secondary does the checks as well, we must also be
able configure the primary so that it trusts its secondary.

FWIW, this is a common issue that is unrelated to SPF.

Specifically, you need to either have anti-spam software running on your backup mailservers and/or gateways, or have your primary mailserver aware of the backups/gateways.

The same issue happens with standard DNSBLs -- if you don't let your primary know the IPs of the backups/gateways, the DNSBLs will be queried with the IPs of your backups/gateways (which is not what you want).

So your anti-spam software needs to either skip scanning of mail from your backups/gateways, or process it properly (using the correct IP).
                           -Scott

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡