On Mon, 4 May 2009, Matus UHLAR - fantomas wrote:
OUR mail server *requires* that a user be connected via our dialups.
what do you mean? Users connected by your dialups can only be connected to
your mail server?
Yes, but also that the user must be connected to our dialup to gain
'relay' access to our mail server. If someone, even one of our legit
users, is on a DSL connection, then they *cannot* send mail through our
server. They must use the server connected to their third party service.
Good anti-spam measure, but not SPF-friendly....
And as far as I am aware, the NAS does not permit direct port 25 access
to any other server.
The mail can be sent using other ports....
That's not the point being addressed - I meant only that our users could
not send mail directly from a dynamic IP to outside mail servers... They
are required to use ours from the dialups. So even if I could just somehow
'separate' the two groups and SPF check those addresses, it would be
better than no SPF check at all.... OF course, the user would still have
to opt-in. How would I know if they didn't use alternative access
occasionally...?
would cause problems, because we don't really know *who* is using third
party servers, and too many of them wouldn't read the notice... :(
I don't see this a problem, since all those mailboxes are hosted on your
machines, it shouldn't be hard to notice all customers that they MUST send
mail from domains hosted on your servers using your servers.
Sending notice: Easy. Getting them to READ it: Hard. Having them complain,
blame us or dump our service because it "doesn't work" without even
giving us the chance to explain their error (because they were too
stupid to read the notice): inevitable.
So, presuming that arguments for the 'need' are upheld, I am more
interested in the technical questions I posed. Is it 'workable? Would it
be able to also serve as a form of sender callback, without the nasty
DDOS risk and other drawbacks of straight SMTP callback? Or would this
bloat DNS caching ridiculously?
- Charles