Benny Pedersen wrote:
> On Mon, April 14, 2008 00:45, Moritz Borgmann wrote:
>
>
>> Now, this setup entails the well-known problem that if X.com publishes an
>> SPF record, SpamAssassin (3.2.4) spanks the message with SPF_FAIL since it
>> checks the first *external* relay (mx.B.com), not the first untrusted relay
>> against X.com's SPF policy. There's a comment about this in Plugins/SPF.pm's
>> _get_relay():
>>

>
> 2 ways of solving it:
>
> 1: make all forwarded ips as trusted
>


and that solves the problem? OP explictely said this does not and cited
a comment in SPF.pm.

> 2: add forwarders to the spf as A:
>


this requires the root password to connect to other people domains. if
you have a url for that, let's fix all the broken sites now.
> 3: dont use forwards :-)
>


disabling spf rules is more reasonable.