spf-discuss
[Top] [All Lists]

RE: RE: sendmail-milter-spf-1.1.pl script and secondary MX

2004-01-09 09:21:37
The proper way to solve your problem would be your secondary
MX performing
SPF checks as well.

Please re-read my example. The issue is that (legitimate) messages get
dropped on their way from secondary to the primary. It's not enough to
ensure that the secondary does the checks as well, we must also be
able configure the primary so that it trusts its secondary.

FWIW, this is a common issue that is unrelated to SPF.

Specifically, you need to either have anti-spam software running on your
backup mailservers and/or gateways, or have your primary mailserver aware
of the backups/gateways.

If you have multiple backups at different priorities, you'll need
to tell each mailserver to trust all the other servers with lower
priorities.  Which is a pain, especially if they are administered
by different people.

Also, these servers should only trust each other for mail destined
for your domain, since the set of MX servers depends on the recipient
domain, not the sender domain.  Each recipient of message could have
a different set of MX servers, in different priority order.

I don't think multi-level backup MX servers and SPF really mix
well at all.

Later,
Kenn

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡