On Wed, 25 May 2016, Dianne Skoll wrote:
On Wed, 25 May 2016 13:05:57 +0200
Support SimpleRezo <simpler...@gmail.com> wrote:
We are expecting a problem when emails are coming from our MX2 with
the SPF plugin, because the SPF test is made on the last "Received"
IP and not the first one (as we can expect for a SPF test).
Does someone has already notice this? Can this be fixed by
configuration?
Yes. Don't run a backup MX machine that relays to a primary machine
that does spam-scanning. It's more trouble than it's worth, particularly
as spammers sometimes specifically pick the worst MX record rather than
the best.
It also seems problematic for your backup MX to accept an email only
for your primary to potentially reject said email later on. At that
point you can no longer reject the mail, leaving the problematic (some
might say wrong) choices to either bounce it or drop it (or deliver
it, I suppose, if you're only using SA to provide info to end users).
Running the same SA setup on your backup would seem to minimize that
risk, but not totally eliminate it, since network-based tests might
return different results given sufficient time until your backup
finally transfers to the primary.
So, for those with more experience, what is the preferred way to run a
backup MX (or two or three, etc.) without losing or breaking the
benefit of spam filtering?
--
Public key #7BBC68D9 at | Shane Williams
http://pgp.mit.edu/ | System Admin - UT CompSci
=----------------------------------+-------------------------------
All syllogisms contain three lines | sha...@shanew.net
Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
