Re: SPF and forwarding best practice
Benny Pedersen wrote:[color=blue]
> On Mon, April 14, 2008 00:45, Moritz Borgmann wrote:
>> Now, this setup entails the well-known problem that if X.com publishes an
>> SPF record, SpamAssassin (3.2.4) spanks the message with SPF_FAIL since it
>> checks the first *external* relay (mx.B.com), not the first untrusted relay
>> against X.com's SPF policy. There's a comment about this in Plugins/SPF.pm's
> 2 ways of solving it:
> 1: make all forwarded ips as trusted
and that solves the problem? OP explictely said this does not and cited
a comment in SPF.pm.
> 2: add forwarders to the spf as A:<ip>
this requires the root password to connect to other people domains. if
you have a url for that, let's fix all the broken sites now.[color=blue]
> 3: dont use forwards :-)
disabling spf rules is more reasonable.