spf-discuss

Re: SPF & proxy filters

2004-09-10 13:13:15

On Friday 10 September 2004 11:48 am, Kevin Peuhkurinen wrote:
> My problem is that for security reasons, all incoming email is first
> received by my Checkpoint firewall's SMTP Security Server. It is then
> handed off to my Exim/SpamAssassin box. I want to have Exim run SPF
> checks on the incoming mail and add the SPF headers. I am not at this
> point interested in enforcing any sort of policy, I just want the
> headers. The problem, of course, is that while Checkpoint preserves
> the envelope headers, the Exim box sees the sending IP and HELO as the
> firewall. I'm thinking that A) I'm SOL in terms of the specifications
> and B) if I want this to work I'm going to have to kludge something
> together that extracts the IP address of the sending host from the
> received headers and calls spfd itself or (>shudder<) write an OPSEC
> compliant module for the firewall itself.
>
> Has anyone else already dealt with issues like this?


You'll need to upgrade the checkpoint server to check SPF and attach a
Received-SPF header, or stop using the checkpoint. SPF works only on the
border MTAs. I am not sure if an upgrade is available for the checkpoint
server. Contact the manufacturers and ask them when/if they
will implement SPF checking.

-- 
Jonathan M. Gardner
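The workaround raised in the quoted question (recovering the sending host from the Received headers behind a relaying firewall), as an added sketch that is not code from either poster: it accepts only the header stamped by the trusted firewall and only when the internal MTA's own header shows the firewall as its peer, returning the IP and HELO that an SPF check would then be given. The host names, addresses, sample message and the Received layout are constructed assumptions.

```python
import email
import ipaddress
import re

# Hypothetical values: the firewall's SMTP proxy name and the IP Exim sees it use.
RELAY_HOST = "fw.example.net"
RELAY_IP = "192.0.2.1"
# Assumed stamp layout: "from HELO (rdns [ip]) by HOST"; real relays vary.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\([^\[\)]*\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE)

# Constructed sample. Headers are prepended, so the top line is Exim's, the
# second is the firewall's, and the third arrived with the message (forgeable).
SAMPLE = """\
Received: from fw.example.net ([192.0.2.1]) by mail.example.net with esmtp;
 Fri, 10 Sep 2004 12:00:02 -0400
Received: from mx.sender.example (mx.sender.example [198.51.100.25])
 by fw.example.net with SMTP; Fri, 10 Sep 2004 12:00:01 -0400
Received: from bank.example (bank.example [203.0.113.9])
 by fw.example.net with SMTP; Fri, 10 Sep 2004 11:59:00 -0400
From: someone@sender.example
Subject: constructed test message

body
"""

def parse_hop(value):
    """Return helo/ip/by for one Received value, or None if unparseable."""
    m = HOP_RE.match(value.strip())
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    return {"helo": m.group("helo"), "ip": ip, "by": m.group("by").lower()}

def border_client(raw, relay_host=RELAY_HOST, relay_ip=RELAY_IP):
    """Return (ip, helo) the firewall recorded for the outside sender, else None."""
    received = email.message_from_string(raw).get_all("Received", [])
    hops = [parse_hop(v) for v in received[:2]]  # ignore everything below
    if len(hops) < 2 or None in hops:
        return None
    ours, relay = hops
    # If Exim's peer was not the firewall, the second header is sender-supplied.
    if ours["ip"] != ipaddress.ip_address(relay_ip) or relay["by"] != relay_host:
        return None
    return str(relay["ip"]), relay["helo"]
```

This assumes the script sees the message after Exim has added its own Received header and that the firewall is the only hop in front of Exim.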

