Benny Pedersen wrote:
On Mon, April 14, 2008 00:45, Moritz Borgmann wrote:
Now, this setup entails the well-known problem that if X.com publishes an
SPF record, SpamAssassin (3.2.4) spanks the message with SPF_FAIL since it
checks the first *external* relay (mx.B.com), not the first untrusted relay
against X.com's SPF policy. There's a comment about this in Plugins/SPF.pm's
_get_relay():
2 ways of solving it:
1: make all forwarded ips as trusted
and that solves the problem? OP explictely said this does not and cited
a comment in SPF.pm.
2: add forwarders to the spf as A:<ip>
this requires the root password to connect to other people domains. if
you have a url for that, let's fix all the broken sites now.
3: dont use forwards :-)
disabling spf rules is more reasonable.
