All,
I know this must have been discussed to death but I cannot find a satisfactory
answer to it.
If I have an MTA sat behind an outsourced AV gateway then how can I get SPF to
work?
Outbound mail is fine as I can setup an include rule to include the gateway in
my SPF record.
Inbound causes a problem. SPF is meant to be checked "at the boundary". Well my
server is "my boundary". The outsourced server is not, although all mail will
go through it on it's way to me. There is no way that I can see to do an SPF at
the innner MTA ( my "boundary" MTA) as the AV gateway will never be allowed to
relay from the arbitary sending domain.
Have read a few items on this it assumes that the AV gateway will do SPF as it
will have to assume the role of the boundary MTA. Depending on AV gateway
supplier this may or may not happen. Has anyone come up with a fool proof
method of doing this? The only suggestions I have seen involve looking back
through the Received headers to find the sender's IP address - obviously this
is prone to all sorts of errors.
Simon
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com