<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-15">
<META content="MSHTML 6.00.2900.3527" name=GENERATOR></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Segoe UI">
<DIV>I do use SPF for my domains and I am using</DIV>
<DIV> </DIV>
<DIV>v=spf1 a mx -all</DIV>
<DIV> </DIV>
<DIV>for the domain and </DIV>
<DIV> </DIV>
<DIV>v=spf1 a -all</DIV>
<DIV> </DIV>
<DIV>for the mail server.<BR><BR>>>> Brent Addis <brent.addis@spit.gen.nz> 5/21/2009 1:25 AM >>><BR>Why don't you use SPF on your domains?<BR></DIV>
<TABLE cellSpacing=0 cellPadding=0 width="100%">
<TBODY>
<TR>
<TD><BR></TD></TR></TBODY></TABLE><BR>-----Original Message-----<BR><B>From</B>: Gary Faith <<A href="mailto:Gary%20Faith%20%3cgafaith@asdm.net%3e">gafaith@asdm.net</A>><BR><B>Reply-to</B>: MailScanner discussion <mailscanner@lists.mailscanner.info><BR><B>To</B>: <A href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</A><BR><B>Subject</B>: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH<BR><B>Date</B>: Wed, 20 May 2009 21:50:33 -0400<BR><BR>I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a situation where I am relaying e-mail for a trusted mail server with a dynamic IP who connects to my mail scanner via SMTP Auth. I don't have a need for scanning the outbound e-mail from this server but I do need to have the inbound mail scanned. So I figured I would add the domain to scan.messages.rules. From: domain.com no This had the effect of stopping scanning of the mail which was desired but now spam is coming in with the From addresss the same as the To address like: <A href="mailto:xyz@domain.com">xyz@domain.com</A> to <A href="mailto:xyz@domain.com">xyz@domain.com</A>. These messages are not being scanned and getting passed through due to the rule above. Obviously, I didn't think this through correctly and I need a better solution. What is required: 1. Outbound mail from the server with a dynamic IP which authenticates to the mail scanner via SMTP Auth = Not Scanned. I wouldn't care if it just goes from sendmail-in to sendmail-out and not even go through mailscanner but I don't know if that is possible. 2. All other mail scanned (like normal). I know I can't base a rule on the IP address since it is dynamic but I am unsure of any other way to accomplish this. Any thoughts on how I can accomplish this? Thanks, <BR>Gary Faith </BODY></HTML>