On Wed, 14 Oct 2015 17:51:23 -0400 Alex <mysqlstud...@gmail.com> wrote:
> I'd like to make sure incoming mail that appears to be "From:" one of > our internal users has indeed gone through one of the systems > specified in the SPF record, resulting in an SPF_PASS. Can't be done. SPF looks at the envelope sender (what end-users know as the Return-Path:) and not at all at the From: header. You can do what you're trying to do with DKIM, though, and reject mail claiming to be from your domain (in the From: header) that has an invalid or no DKIM signature. If you can't install DKIM software on your Exchange server, you can use your Linux box as a smarthost and have the Linux box sign outbound mail from the Exchange server. Of course, internal mail won't ever leave the Exchange server and will thus lack a DKIM signature, but that shouldn't be a problem... just check DKIM on the MX hosts and not Exchange. Regards, Dianne.
