Thanks, I hadn't thought about the backscatter problem. If there is a proxy involved, then they HAVE to set (in amavisd) all final destinations as 'DISCARD' and not BOUNCE.
I also think I will try to look at adding it to trusted networks in SA, but excluding it from the internal networks in amavisd. IP addresses are not the basis of p0f, so that doesn't work, and without hacking SA SPF plugins, I can't see any way to trust SPF. For the purposes of this discussion, the biggest reason I can't be on the edge where Id like to be is that there is a massive proxy/load balancer/failover device that does more than email. Many firewalls 'proxy' the email also, so its not like you can take it out. (oh, turn off Cisco's smtp mail fixup was another thing I found when dealing with odd ball setups) Thanks to everyone who had real answers. -- Michael Scheidell, CTO Office: 561-999-5000 x 1259 Direct: 561-939-7259 Real time security alerts: http://www.secnap.com/news _________________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com _________________________________________________________________________
