On Thu, 26 Nov 2009, Roman Gelfand wrote:
> Your last paragraph answered all the questions. So, If I understand you
> correctly, smtp packets coming from edge firewall have to be routed
> rather than NATed in order to achieve desired effect.
If by that you mean the external IP address would not be concealed, then
yes, that would be ideal.
If on the other hand you always know that mail from outside will appear to
come from a fixed IP address (say 127.0.0.1) while all mail from inside
will come from one of your internal networks, then you can still have an
almost normal setup where you list your internal networks via the opendkim
setting "InternalHosts" but don't list 127.0.0.1 as also being internal.
The caveat is that mail generated on that same machine (e.g. mail from
"cron") will always be considered as mail from outside.
> I just realezed that on my internal network, where exchange 2007 is
> running, I have sender id reputation filtering. There, sender id is
> checked correctly, All I had to do is to tell exchange 2007 ignore ip
> 127.0.0.1.
You should probably be able to do something similar here.
Received on Thu Nov 26 2009 - 19:32:47 PST
This archive was generated by hypermail 2.3.0
: Mon Oct 29 2012 - 23:16:46 PST