Hi Folks,
I starting to set up SPF records for the domains I manage, and have run
into a little snag. I hope somebody can suggest an approach:
BASIC CONFIGURATION:
Debian Sarge
Postfix (from stable - so it's a relatively old version, 2.1 I believe)
amavisd-new
spamassassin
clamav
Postfix configured with postfix-tls (SASL) but only for MD-5
authentication of incoming SMTP
For the most part, I use the machine as a list server (Sympa) and web
host, but I also have three email accounts on the box.
The listserver, and one of the email accounts, originate mail on the
host (the email account, using pine) - so, for SPF purposes, the
envelope sender is always the server, and all works just fine.
But... for the other two email accounts, mail originates from desktop
clients (Thunderbird). And here's the rub:
- I want to apply virus and spam checks to incoming mail, but...
- for SPF purposes, the envelope sender is now the dynamic IP of the
desktop clients, so it's hard/impossible to put that in the SPF record
- so, mail submitted from desktop clients is getting marked as failing
the SPF check
So... is there a way to turn off SPF checks for mail coming from
authenticated clients, without turning off all the other checks (as, for
example, would happen if mail was submitted via port 587)?
Thanks very much,
Miles Fidelman
