On Mon, 14 Sep 2009 19:18:36 +0200 bsd <b...@todoo.biz> wrote:
>Hello,
>
>I am using two postfix servers and quite often some misconfigured mail
>servers are sending mail to the backup MX instead of the primary.
>Both servers have postfix implemented using the 'classic' conf:
>
>in main.cf
>
>> smtpd_recipient_restrictions =
>>     permit_mynetworks,
>>     permit_sasl_authenticated,
>>     check_recipient_access hash:/usr/local/etc/postfix/access
>>     reject_unauth_destination,
>>     reject_invalid_hostname,
>>     reject_unknown_sender_domain,
>>     # SPF implementation
>>     check_policy_service unix:private/policy
>>     # Greylisting implementation
>>     check_policy_service inet:127.0.0.1:10023
>
>and in master.cf :
>
>> # SPF policy implementation /usr/ports/mail/postfix-policyd-spf
>> policy unix - n n - - spawn
>>     user=nobody argv=/usr/local/sbin/postfix-policyd-spf
>>
>
>
>The problem is that I sometimes have (quite often in fact) rejected
>mail because they are using spf and the mail is transferred from my
>backup MX to my master server and my server is considering that second
>server as the issuer.
>
>Is there any option that I can activate on master.cf or main.cf to
>avoid that… my initial reading and googling have not been very
>successful.
>

Not exactly the question you asked, but if you are using one of the
policy servers from http://www.openspf.org/Software , both provide their
own mechanism for bypassing SPF checks for specific relays (like
secondary MX).

The Python implementation provides this in a proper config file. The
Perl implementation is much more primitive and you have to edit the
actual executable script (patches welcome). In either case, the
documentation shipped with the packages should explain how to do it.

Scott K
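
The relay bypass described in the reply, sketched as an added example (not code from the original thread or from either openspf.org policy server): a Postfix policy delegation handler that answers `DUNNO` when `client_address` is one of the site's own relays and only otherwise runs the SPF check. The relay list, sample requests and the `constructed_spf_check` stand-in are assumptions made for illustration.

```python
import ipaddress

# Constructed values: 192.0.2.25 stands in for the backup MX (documentation range).
TRUSTED_RELAYS = [ipaddress.ip_network(n)
                  for n in ("127.0.0.0/8", "::1/128", "192.0.2.25/32")]

def parse_request(text):
    """Parse one policy delegation request: name=value lines ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def is_trusted_relay(client_address, trusted=TRUSTED_RELAYS):
    """True when the connecting client is one of our own relays (e.g. the backup MX)."""
    try:
        addr = ipaddress.ip_address(client_address)
    except ValueError:
        return False  # missing or malformed address: never bypass
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # treat ::ffff:a.b.c.d as the IPv4 address
    return any(addr in net for net in trusted if net.version == addr.version)

def policy_action(request_text, spf_check):
    """Return the reply Postfix expects: 'action=...' followed by a blank line."""
    attrs = parse_request(request_text)
    if attrs.get("request") != "smtpd_access_policy":
        return "action=DUNNO\n\n"
    if is_trusted_relay(attrs.get("client_address", "")):
        # The SMTP client is our own relay, not the original sender's server,
        # so an SPF result computed against its address would be meaningless.
        return "action=DUNNO\n\n"
    return "action=%s\n\n" % spf_check(attrs)

def constructed_spf_check(attrs):
    """Stand-in for a real SPF evaluation: treats every sender as an SPF fail."""
    return "550 SPF check failed for " + attrs.get("sender", "<>")

# Constructed sample requests (only the attributes used here).
DIRECT = ("request=smtpd_access_policy\nclient_address=203.0.113.9\n"
          "sender=a@example.org\n\n")
VIA_BACKUP = ("request=smtpd_access_policy\nclient_address=192.0.2.25\n"
              "sender=a@example.org\n\n")
```

Mail accepted through a bypassed relay is not SPF-checked on the primary, so the backup MX has to apply the SPF check itself when it first receives the message.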