You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Bart Schaefer <ba...@gmail.com> on 2006/07/01 00:37:19 UTC

Re: internal/trusted again, MSA tested for SPF ?

On 6/30/06, Daryl C. W. O'Shea <sp...@dostech.ca> wrote:
>
> OK, I see now that you want to unconditionally trust the MSA *and* all
> hosts after it.  Which is reasonable if the MSA is just an MSA.  For
> whatever reason you don't want to rely on auth tokens, etc.  Seems
> reasonable to me.

That would mean that SA must be able to verify the Received: chain as
far back as the MSA, wouldn't it?  Otherwise forging a Received: for
the MSA would bypass all the network checks.

Re: internal/trusted again, MSA tested for SPF ?

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.

Bart Schaefer wrote:
> On 6/30/06, Daryl C. W. O'Shea <sp...@dostech.ca> wrote:
>>
>> OK, I see now that you want to unconditionally trust the MSA *and* all
>> hosts after it.  Which is reasonable if the MSA is just an MSA.  For
>> whatever reason you don't want to rely on auth tokens, etc.  Seems
>> reasonable to me.
> 
> That would mean that SA must be able to verify the Received: chain as
> far back as the MSA, wouldn't it?  Otherwise forging a Received: for
> the MSA would bypass all the network checks.

Yeah, of course.