Julian Mehnle wrote: > Alessandro Vesely wrote: >> Rewriting the sender's address currently works, but is wrong for >> backup MXes. Isn't there room for designing a better solution? > > One should always be able to fully trust one's backup MXes, not only for > _that_ reason but also because you want them to employ security in a > manner _identical_ to your primary MX. > > If you trust your backup MXes, then you won't have to perform any security > checks (including SPF) on mail received from them. IOW, you should > always whitelist your backup MXes.
The effectiveness of backup MXes originates from topological properties of the network. Thus, setting up backup MXes that way requires maintaining (possibly virtual) boxes with dedicated IPs on different autonomous system. OTOH, there are convenient commercial offers for backup MX services, or ISPs may want to arrange for reciprocal exchange for such services. It may be desirable to provide options for SPF and DNSBL checks, directly configurable by users for each target mailbox. However, lack of standardization makes it hard to set up that stuff. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
