On Sun, 12 Jul 2009 17:29:07 +0200 (CEST) "Benny Pedersen" <m...@junc.org> wrote:
>
> On Sun, July 12, 2009 16:21, RW wrote:
> > Generally forwarders should go into your internal networks,
>
> no no, internal networks is your own wan ips nothing more, imho
>
> forwarders is trusted/msa

If you do it that way SPF, XBL, DUL etc run against a server that's
inside your trusted network and not against the responsible IP address.

> > unless they rewrite the return-path
>
> why does this change ?

Ideally you want SPF to run against the IP address that delivered to
the first MX server; and unless that MX server adds usable SPF headers,
you need to put it into the internal network.

If the forwarding server does Sender Rewriting, SA may not be able to
get the original SMTP "mail from" address, and you may want to use the
trusted network instead to run SPF against the rewritten address.
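
The boundary effect discussed in this message, as an added example that is not part of the original post and is not SpamAssassin's own code: a simplified model that walks Received headers outwards from the local MX and returns the first relay outside the internal networks, on the assumption that this is the address SPF and last-hop DNSBL checks are run against. The function names, hostnames and addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample headers, newest first (top of the message downwards).
RECEIVED = [
    "from mx.local.example (mx.local.example [192.0.2.5]) by store.local.example",
    "from fwd.example.net (fwd.example.net [198.51.100.10]) by mx.local.example",
    "from sender.example.org (sender.example.org [203.0.113.77]) by fwd.example.net",
]

OWN_NETS = ["192.0.2.0/24"]          # our own servers only
FORWARDER = "198.51.100.10/32"       # the third-party forwarding host


def relay_ips(received):
    """Return the connecting IP recorded in each Received header, newest first."""
    ips = []
    for line in received:
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
        if m:
            ips.append(ipaddress.ip_address(m.group(1)))
    return ips


def last_external(received, internal_networks):
    """Walk from our MX outwards; return the first relay that is not internal.

    Assumption of this model: that relay is the one SPF/DNSBL checks evaluate.
    Returns None when every recorded relay is inside the internal networks.
    """
    nets = [ipaddress.ip_network(n) for n in internal_networks]
    for ip in relay_ips(received):
        if not any(ip in net for net in nets):
            return str(ip)
    return None


if __name__ == "__main__":
    # Forwarder left outside internal networks: checks land on the forwarder.
    print("own nets only      ->", last_external(RECEIVED, OWN_NETS))
    # Forwarder listed as internal: checks land on the host that delivered to it.
    print("forwarder internal ->", last_external(RECEIVED, OWN_NETS + [FORWARDER]))
```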