> Michael Scheidell wrote: > > Sometimes a large company will have a proxy server set up in the DMZ and > > then send it to their internal mail server. I understand that ideally, > > the proxy server would be replaces with a SpamAssassin/MTA setup. > > > > However, sometimes, client, security and company policy needs outweigh > > logic. I can think of several things this might break, depending on if > > you count that proxy server as an internal/trusted server. > > > > #1, SPF. SPF helo, SENDERID > > The proxy will be adding a received header, and announcing 'HELO/EHLO' > > using its own name, not the senders. > > (please no bitching about SPF) > > #2, many blacklists that depend on the last received header (the proxy > > will normally put on in)
On 23.09.07 22:24, mouss wrote: > These are easily solved by correctly configuring trusted_networks. and internal_networks - the proxy has to be in both of them. In such case SA will behave correctly, unless the proxy does any bad in modifying headers etc (and for SA-3.2.x, the proxy has to do reverse DNS check and put it into Received: headers) -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I feel like I'm diagonally parked in a parallel universe.
