Am 18.11.2015 um 15:49 schrieb Kevin Golding:
So returning to your original questioning, changing to checking ALL instead of ALL-INTERNAL would result in checking against headers added by other relays and would presumably be spoofable. You may feel happy with this if you can ensure that any Received-SPF headers are removed upon entering your network
you can't because "/^Received\-SPF.*/ IGNORE" in header_checks would also remove the own policy-generated header before it enters the milter and so you can't be sure it's your own
signature.asc
Description: OpenPGP digital signature
