diff --git a/TODO b/TODO
index 33341975d3e74cf102ac219b8b1a390147fccfcf..fadc5c5825986dcd12fc170f4e389e791d5139b8 100644
--- a/TODO
+++ b/TODO
@@ -1,3 +1,35 @@
+Configuration is problematic when handling incoming, but not outgoing mail.
+The problem comes when alice@example.com sends mail to bill@example.com,
+and we are the MX for example.com, but alice is sending from some other
+MTA.  The mail is flagged external, so we don't list example.com in
+internal_domains (or we would get "spam from self").  But, if we try to do a
+CBV, we get "fraudulent MX", because the MX is ourself!  So we need to 
+avoid doing CBV on such domains.  Currently, we try to make sure the SPF
+policies don't do CBV.
+
+On the other hand, if alice is sending internally, or with SMTP AUTH, she
+*does* need the domain to be in internal_domains.  The solution to that 
+is to use the new SMTP AUTH access configuration to specify which domains
+can be used by smtp AUTH (by user if desired).
+
+It would be cleaner if CBV would know which domains we have agreed to
+be MX for. Some ideas for external connections:
+
+a) check access file for To:example.com	RELAY
+b) check mailertable
+c) check mx_domains config list
+d) if there is an SPF record, don't check internal_domains
+   (let SPF block unauthorized machines)
+
+But that still doesn't handle the roaming user, who won't use SMTP
+AUTH, but sends through some hotel MTA.  Maybe we don't want to support
+him?
+
+When setting up pydspam, both sender and rcpt must resolve to dspam users
+for falsepositive recognition.  Usually, this means adding 
+honeypot@mail.example.com to alias list for honeypot in pymilter.cfg.
+This needs to be documented.  I was caught by it setting up a new site.
+
 Add signature (x-sig=AB7485f=TS) to Received-SPF, so it can be used
 to blacklist sources of delayed DSNs.
 
diff --git a/bms.py b/bms.py
index 9227159f028be31c4cb49354c7836c7d33f2ad3c..c3461eb1c43c1b7fec45639e7e3d6d1f04a04401 100644
--- a/bms.py
+++ b/bms.py
@@ -1,6 +1,9 @@
 #!/usr/bin/env python
 # A simple milter that has grown quite a bit.
 # $Log$
+# Revision 1.100  2007/03/24 00:30:24  customdesigned
+# Do not CBV for internal domains.
+#
 # Revision 1.99  2007/03/23 22:39:10  customdesigned
 # Get SMTP-Auth policy from access_file.
 #
@@ -678,13 +681,13 @@ class bmsMilter(Milter.Milter):
         )
 
     self.fp.write('From %s %s\n' % (self.canon_from,time.ctime()))
-    self.internal_domain = True
+    self.internal_domain = False
     if len(t) == 2:
       user,domain = t
       for pat in internal_domains:
-        if fnmatchcase(domain,pat): break
-      else:
-        self.internal_domain = False
+        if fnmatchcase(domain,pat):
+          self.internal_domain = True
+          break
       if self.internal_connection:
         if self.user:
           p = SPFPolicy('%s@%s'%(self.user,domain))
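Review bot: The internal_domains match on the `fnmatchcase(domain,pat)` line is case-sensitive, so a mixed-case domain in MAIL FROM would not match a lowercase pattern and internal_domain would stay False; unless `domain` is already lowercased before `t` is split (not visible in this hunk), the later "spam from self" rejection that depends on this flag can be missed for such senders. Consider `if fnmatchcase(domain.lower(),pat):` so the match does not depend on the sender's capitalisation. Since the default is now False, a sender that does not split into user and domain (for example the null sender) is no longer treated as internal, which deserves a one-line comment above the assignment: `# True only when the sender domain matches internal_domains; senders with no domain part are external`. The enclosing method starts before and continues after this hunk.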
@@ -820,6 +823,11 @@ class bmsMilter(Milter.Milter):
       else:
         hres,hcode,htxt = res,code,txt
       ores = res
+      if self.internal_domain and res == 'none':
+        # we don't accept our own domains externally without an SPF record
+        self.log('REJECT: spam from self',q.o)
+        self.setreply('550','5.7.1',"I hate talking to myself!")
+        return Milter.REJECT
       if spf_best_guess and res == 'none':
         #self.log('SPF: no record published, guessing')
         q.set_default_explanation(
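Review bot: The new rejection on the `if self.internal_domain and res == 'none':` line keys only on the domain flag and the SPF result, and nothing in the hunk shows it is limited to external connections; if this path is also reached for internal or SMTP-AUTH'd senders (the envfrom hunk sets internal_domain for them as well), a legitimate internal sender whose domain publishes no SPF record would be rejected. If the surrounding code already gates this on not self.internal_connection, a comment stating that would make the intent checkable, e.g. `# external connection only: our own domain with no SPF record cannot legitimately arrive from outside`. The enclosing block starts before and continues after this hunk, so the gating condition may well be there.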