[Gllug] Configuring SPF to cope with secondary incoming mail servers
Jason Clifford
jason at ukfsn.org
Mon Dec 4 14:05:11 UTC 2006
On Mon, 4 Dec 2006 john at sinodun.org.uk wrote:
> The problem arises because if an e-mail goes to your secondary server, it
> will then attempt to pass it on to your primary server. If an SPF record
> exists for the sender's domain then your primary server will (almost
> certainly) flag the e-mail as failing the SPF test because the secondary
> is not listed in the sender's SPF record.
So set your filters not to check SPF on email delivered from the
secondary.
> The solution which occurs to me is a kind of semi-whitelisting. Your
> primary server is told to trust your secondary to the extent that it
> believes the last header which your secondary added (telling it where your
> secondary received the e-mail from). Unfortunately I can find no
> reference to this approach being implemented anywhere.
What MTA are you using? Implementing this will depend upon the MTA and the
filtering mechanism you are using to check SPF, etc.
> (It's not actually a problem for me because an SPF fail on my site simply
> adds 1.1 to my SpamAssassin score, but another site I know of relies
> absolutely on an SPF fail and it's causing grief.)
Tell them to get clue and stop being stupid. SPF is advisory and not to be
trusted totally. Your approach is the only sane one in practice.
Jason
--
UKFSN.ORG Finance Free Software while you surf the 'net
http://www.ukfsn.org/ up to 8Mb ADSL Broadband from just £14.98
http://www.linuxadsl.co.uk/ ADSL routers from just £21.98
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list