>>See below for responses. You are not relaying for a domain that hasn't authorized you as a relay.
1. [EMAIL PROTECTED] sends mail to [EMAIL PROTECTED] 2. [EMAIL PROTECTED] has their preferences set to forward the mail to [EMAIL PROTECTED] OR maybe [EMAIL PROTECTED] is an alias setup to forward to [EMAIL PROTECTED] 3. The FROM address of the email is [EMAIL PROTECTED] but the last MTA is yours (localdomain.tld). localdomain.tld is not and of course should not be listed in the SPF for somedomain.tld, so the forwarded mail would fail the SPF. I think that the use of aliases and forwarding is pretty common. Perhaps I should not allow our users to forward their mail until I have been "authorized" by every domain holder in the world to forward (relay) mail from them. >>Read the in-depth Description on the SPF website for reqirements of MTA header re-writes for forwarding to eliminate what you are talking about. Don't get me wrong, it isn't going to be easy. I am no programmer of that magnitude nor do I wish to become one, but the end result is that we have a better system overall. (not perfect) >> In regards to another post about my suggestion of port 2525. I am not saying that we should move everything to 2525 (or any specific port for that matter). You choose your port, everyone is different, say mine is 890 or whatever. You set a high port, that no-one typically uses and only a port-scanner is going to find it. From that perspective, your firewall / IDS should catch it and drop them in the dirt before 1) they find it at all or 2) they effectively can use it. 2525 is an example to suggest, it could be any port, in fact SPF suggests 587. >>One thing we cannot take our eyes off of is the lack of perfection. There is no magic bullet / answer. What PSF does provide however, is a very good attempt imho at keeping just anyone from saying "Hey I'm paypal.com, trust me" and then getting more of my lemming users to give them info or open a ne virus, etc. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
