Pierre Ossman [EMAIL PROTECTED] wrote: > How does courier handle SPF when mail come from backup MX:s? > I couldn't find anything in the documentation about this and the only mx > related code I found was for handling the mx-entries in the SPF record. > > Adding the backup MX:s to the access list with SPF disabled is an > option, but I've seen on other mailing lists that other implementations > checks if the other end is a backup for the mail it's trying to send. > This gives the advantage of not having to configure (and keep updated) > the lists of backups in every access list.
I think it is generally considered best practice to have all your border MTAs (i.e. those who receive mail from the public internet, including your backup MXes) apply the same checks and security measures, so they can fully trust each other. Whitelisting co-MTAs by IP address is the traditional way to do it. But I _can_ see the value of doing that whitelisting by looking up your co-MTAs' IP addresses from the MX records of the recipient domain. Maybe such an optional feature would be a good addition to Courier. Apart from that, I can only agree with what Roland said: Pierre Ossman [EMAIL PROTECTED] wrote: > Roland [EMAIL PROTECTED] wrote: > > If you dont trust your backup-mx the better drop them. > > These days low-priority MX are only used by the spammers, and > > they usually dont give better redundancy like 15 years ago. > > Not if you have a crappy ISP where downtime of a week is a fairly common > thing. Having an external backup MX with a long timeout is essential. The correct solution to your problem is to switch to a more reliable ISP, so you don't have to rely on secondary MXes that are outside your control. These days, having your backup MXes (if any) being secure is equally essential, if not more, as having ones in the first place. ------------------------------------------------------- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
