On Wed, 14 Jul 2004, Ryan Malayter wrote:
If they don't do it well, I imagine I'll have to put SPF+SRS on the
secondary, or implement a "check trusted received header" scheme as
Stuart suggests.
You don't have to put SRS on the secondary, just SPF. Treat the secondary
as a whitelisted trusted forwarder so that you skip SPF on the primary
for mail coming from your (authorized) secondaries.
This seems to work the best in practice. I don't recommend the
trusted 'Received' header solution because you end up not being
able to reject the forgeries before DATA.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.