You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Bart Schaefer <ba...@gmail.com> on 2006/07/01 00:37:19 UTC
Re: internal/trusted again, MSA tested for SPF ?
On 6/30/06, Daryl C. W. O'Shea <sp...@dostech.ca> wrote:
>
> OK, I see now that you want to unconditionally trust the MSA *and* all
> hosts after it. Which is reasonable if the MSA is just an MSA. For
> whatever reason you don't want to rely on auth tokens, etc. Seems
> reasonable to me.
That would mean that SA must be able to verify the Received: chain as
far back as the MSA, wouldn't it? Otherwise forging a Received: for
the MSA would bypass all the network checks.
Re: internal/trusted again, MSA tested for SPF ?
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Bart Schaefer wrote:
> On 6/30/06, Daryl C. W. O'Shea <sp...@dostech.ca> wrote:
>>
>> OK, I see now that you want to unconditionally trust the MSA *and* all
>> hosts after it. Which is reasonable if the MSA is just an MSA. For
>> whatever reason you don't want to rely on auth tokens, etc. Seems
>> reasonable to me.
>
> That would mean that SA must be able to verify the Received: chain as
> far back as the MSA, wouldn't it? Otherwise forging a Received: for
> the MSA would bypass all the network checks.
Yeah, of course.