> To me this indicates that SPF doesn't help you if your users are not > using webmail. Is this correct?
No, the connecting IP seen by remote servers will still be the last hop on your network, not the authenticating IP that submitted the mail. While this is thus an irrelevant concern for remote mail, it is true that you must exempt authenticated sessions from *your own* SPF lookups, or else you will reject your own users. You do this either by (a) turning on such an exemption in your MTA for the primary port, (b) having users submit through an authenticated-only port and/or different authenticated-only MTA that doesn't do any SPF checks, or, least desirable, (c) using a spoofed internal SPF TXT record for your own domain that has a looser policy. --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
