Situation is resolved. Below is part of the fault. Our secondaries are dual stacked, although they are configured to use ipv4 over ipv6 and usually do. Our config only trusts ipv4 addresses (the problem)
There was a 3 day blockage in routing for one ipv4 range (it is external and out of our hands, its on a third party network and there was a problem with BGP on their end), this did not affect routing of ipv6, so ipv6 because ipv4 failed, sent the messages, resulting in SPF fail, we have since added ipv6 addresses to trusted settings. On 10/16/15, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: > On 16.10.15 09:10, Nick Edwards wrote: >>Was there a change recently to the spamassassin code for SPF? >> >>Lately, any messages that come in via secondary MX's are failing, this >>nevefr used to be the case > > the MX servers for your domain MUST be listed in internal_network (and in > trusted_network too). > This is exactly what internal_networks is for... > > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > I just got lost in thought. It was unfamiliar territory. >
