On Tue, 2004-08-03 at 14:17, Cal Evans wrote:
> Nigel Metheringham wrote:
> > On Tue, 2004-08-03 at 13:49, Cal Evans wrote:
> >
> >>I have the example ACL working the way I want and life is good. But now
> >>I need to tweak it to support my road-warriors. I have people in the
> >>field w/laptops that use the corporate mail server to send mail.
> >
> >
> > Aren't they authenticated?? If not why is your server still connected
> > to the internet?
> >
> > Nigel.
>
> Yes, they are authenticated. (Sorry, that info was in an early draft of
> the message. Not sure why I deleted it.) But since they are roaming and
> their IP/HOST cannot be known ahead of time, SPF will always fail.
> (Unless I leave out -all)
Surely you should skip SPF checks for any connection that is
authenticated - you apply your own policy to these, not an external one.
[This is of course a use for the MSA port/system - your own folks
connect in through there and use a different policy set]
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
