On 15.12.10 20:08, Nikolay Shopik wrote: > my mx have public ip and not behind nat, should i add public ip of my mx into > internal_networks?
Your internal_networks should contain IP addresses of all MX servers, and also all servers your mail server passes before it is checked by spamassassin, that is, also your internal mail infrastructure not in MX. It applies for their outgoing IP addresses in case those servers send mail from different IP then MX points at. SPF validation is done at your MX border - gmail delivers mail to one of MX servers for your domain and that is where SPF must be validated. Domains will not have your MX servers in their SPF records, that's why. So, spamassassin must be able to track which addresses belong to your internal network - it must walk through the header to see from which hosts was the mail received and validate if it is internal or not, therefore if apply SPF check there. The SPF check can be validated at only one point - where the remote SMTP passes the mail to your MX. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. M$ Win's are shit, do not use it !
