On Fri, 23 Sep 2005, Simon Tyler wrote:
I know this must have been discussed to death but I cannot find a
satisfactory answer to it.
If I have an MTA sat behind an outsourced AV gateway then how can I get SPF
to work?
Ideally, the AV gateway does it. If that is impossible, then you
can use the Received: header added by the AV gateway. It should add
a Received header to the top of all mail passing through it.
(If it doesn't, it is completely braindead and I would get another
service company.) Make sure you use the top header added by your
gateway, because Received can be forged as well.
The problem with using the Received header is that the data can be
stale. However, in the normal case you will process the Received
header only seconds after it passes through the gateway. Your
software could check the timestamp on the Received header and
relax things if it is too old.
You should ask your AV gateway to at least check SPF
and add the Received-SPF header. They don't have to block anything
based on SPF - just add the header.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com