Alessandro Vesely wrote: > Currently, the only way that one can concede forwarding is by IP > address. This may make sense for a fully controlled backup MX. In > general, the same IP address can be used to forward a message as well > as to submit a new one. The forwarded-to recipient has no way to > distinguish between those two cases. Furthermore, having to concede > full relay privileges to that IP is certainly overkill. > > Rewriting the sender's address currently works, but is wrong for > backup MXes. Isn't there room for designing a better solution?
One should always be able to fully trust one's backup MXes, not only for _that_ reason but also because you want them to employ security in a manner _identical_ to your primary MX. If you trust your backup MXes, then you won't have to perform any security checks (including SPF) on mail received from them. IOW, you should always whitelist your backup MXes.
signature.asc
Description: This is a digitally signed message part.
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users