I'm trying to figure out how to stop SPF_FAIL on messages generated on
an internal rfc1918 network and routed through a trusted host.
Host A: generates mail, origin IP 10.x.x.x
Host B: relays mail for Host A, to Host C
Host C: receives mail, marks SPF_FAIL
Host B is both in the valid SPF record, and in trusted networks.
Example:
host A: 10.0.0.1 generates e-mail, routes via HostB
Host B: has outside IP 64.13.143.16
Host C: sees message from Host B, sees Host B is valid SPF
sender, sees Host B is trusted Host
_APPARENTLY_ skips to the next Received header because B is trusted.
Received: from arran.svcolo.com (arran.sc.svcolo.com
[64.13.143.17]) by kininvie.sv.svcolo.com (8.14.1/8.14.1) with ESMTP
id m5K2o3it016795 for <[EMAIL PROTECTED]>; Thu, 19 Jun 2008
19:50:03 -0700 (PDT) (envelope-from [EMAIL PROTECTED])
Received: from apc0.sv.svcolo.com (apc0.sv [10.0.0.1]) by
arran.svcolo.com (8.13.8/8.13.4) with SMTP id m5K2o1sL002910 for <[EMAIL PROTECTED]
>; Thu, 19 Jun 2008 19:50:02 -0700 (PDT) (envelope-from [EMAIL PROTECTED]
)
X-Spam-Status: Yes, score=4.157 tagged_above=-10 required=4
tests=[AWL=0.656, NORMAL_HTTP_TO_IP=0.001, SPF_FAIL=3.5
Obviously, putting 10/8 into the published SPF record makes no sense
at all, nor does adding 10/8 to the trusted_networks.
So... how can I say "I trust Host B so much that I don't want to go
any farther for SPF checks?"
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
