> The proper way to solve your problem would be your secondary MX performing
> SPF checks as well.
Please re-read my example. The issue is that (legitimate) messages get
dropped on their way from secondary to the primary. It's not enough to
ensure that the secondary does the checks as well, we must also be
able configure the primary so that it trusts its secondary.
FWIW, this is a common issue that is unrelated to SPF.
Specifically, you need to either have anti-spam software running on your
backup mailservers and/or gateways, or have your primary mailserver aware
of the backups/gateways.
The same issue happens with standard DNSBLs -- if you don't let your
primary know the IPs of the backups/gateways, the DNSBLs will be queried
with the IPs of your backups/gateways (which is not what you want).
So your anti-spam software needs to either skip scanning of mail from your
backups/gateways, or process it properly (using the correct IP).
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡