On Fri, 23 Sep 2005, Simon Tyler wrote:
> So far I have only the MX record option which has the issue that the customer
> needs an additional mail server - not really an option for most people
> especially if they need to buy one.

You already have a mail server that gets the mail from the AV
server. You can easily configure sendmail to do SPF *and* filter through
external AV server.

1. Set up iptables to redirect incoming port 25 from the AV server
   to another local port, say 125. Run sendmail listening
   on that port to accept filter mail and deliver to mailboxes.

2. Run another sendmail on port 25, which will get everything else.
   That sendmail runs a milter to check SPF. It has a smart-host
   to then forward everything it didn't reject on to the AV server.

Another option instead of another sendmail instance would be a real-time proxy
that connects to the AV server for each incoming connection, and mostly
just shuffles bytes between the two - but checks SPF for MAILFROM and sends a
REJECT to caller and QUIT to AV server on FAIL.

--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
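
The per-connection decision logic of the real-time proxy option described in the message above, as an added example (not code from the original post or its author). The class name `SpfGate`, the `spf_check(ip, sender, helo)` callable, the constructed `sample_spf` policy, the 550 reply text and the choice to close the session after the reject are assumptions; lines are assumed to arrive with CRLF already stripped.

```python
import re

# MAIL FROM:<path> may be followed by ESMTP parameters such as SIZE=...
MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)
HELO = re.compile(r"^(?:HELO|EHLO)\s+(\S+)", re.IGNORECASE)

# Constructed sample policy: only 192.0.2.10 may send for example.org.
def sample_spf(ip, sender, helo):
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain == "example.org":
        return "pass" if ip == "192.0.2.10" else "fail"
    return "none"

class SpfGate:
    """Decides, line by line, what the proxy relays for one connection."""
    def __init__(self, client_ip, spf_check=sample_spf):
        self.client_ip, self.spf_check = client_ip, spf_check
        self.helo, self.in_data = "", False

    def on_upstream_reply(self, line):
        # Only the AV server's 354 starts the message body, not the DATA verb.
        if line.startswith("354"):
            self.in_data = True

    def on_client_line(self, line):
        """Return (reply_to_client, line_for_av_server, close_session)."""
        if self.in_data:
            # Message content is relayed untouched, never parsed as commands.
            if line == ".":
                self.in_data = False
            return None, line, False
        m = HELO.match(line)
        if m:
            self.helo = m.group(1)
        m = MAIL_FROM.match(line)
        if m:
            # Null reverse-path (bounces): SPF checks the HELO identity instead.
            sender = m.group(1) or "postmaster@" + self.helo
            if self.spf_check(self.client_ip, sender, self.helo) == "fail":
                # Reject to the caller, QUIT to the AV server.
                return "550 5.7.1 SPF check failed for " + sender, "QUIT", True
        return None, line, False
```

Only a FAIL result stops the relay; every other result is passed through to the AV server unchanged, which keeps the proxy to "mostly just shuffling bytes".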