On Saturday 27 May 2006 02:58, klaus thorn took the opportunity to write: > [EMAIL PROTECTED] is sending to > [EMAIL PROTECTED] Andy is somewhere (home/office/congress) > using often changing IP addresses. To compansate for this, > he uses the server example.com to relay all mail, > (authenticating by SASL = name+password) > which is good for SPF when sending > to outsiders, because all mail gets handed out by example.com, > so outsiders will get positive results from SPF checks. > ( SPF record for example.com is v=spf1 a ~all ) > > But the mail to Betty does not get relayed to the outside, > since it is delivered to Betty on the example.com server. > Thus the IP address being tested by SPF is the changing > IP address of Andy's locations' providers.
I'd configure the MTA not to run SA at all when the sender is authenticated
like in this case. (Assuming your users/coworkers can be trusted not to send
spam.)
SA does look for authenticated connections in the Received: header fields. For
example, if a trusted host says that it received the mail "with ESMTPA", then
the sending host is also trusted. I *think* that SPF checks are skipped in
that case. What does the Recieved: line of Andy's mail to Betty look like?
And is trusted_networks set correctly?
--
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)
pgpcOZAbIbjEM.pgp
Description: PGP signature
