> > # Internal > > clear_internal_networks > > internal_networks 127/8 IP_of_first_mail_relay IP_of_second_mail_relay > > # Trusted > > clear_trusted_networks > > trusted_networks 127/8 IP_of_first_mail_relay IP_of_second_mail_relay
> If you properly list your > internal network (127/8 is in your internal network and therefore > should be included) then senders in your network will benefit from > ALL_TRUSTED which is a form of whitelisting. If the mail comes from an > internal network, then there are a number of tests that will be > skipped (to the senders benefit). As a general rule, internal_networks and trusted_networks must exactly match their intended use. This way SA knows which hosts are your MX, your MSA, and whether your general-purpose MTA accepted mail from internal network (in a role of MSA) or from outside (in a role of MX). There are a couple of quirks there (regarding MSA-only hosts), but the following must be adhered to (just some general notes I collected on the topic): # Anytime there are trusted relays present there will be at least one internal # relay, The machine you're scanning on should be internal & trusted and # should add its own received header before scanning. # # trusted_networks should contain "all the trusted hosts" # and internal_networks should contain "all the trusted hosts # except for your MSAs". # # ALL hosts after (and including) the MX that accepts mail on your behalf # are a part of your internal network. # # ALL internal_networks MUST be in trusted_networks. # # Specifying internal_networks that aren't also (manually config'd) # in trusted_networks should be a configuration error. # # Internal networks IS NOT all of your IPs though. It cannot include # your MSA if you don't also include all of your user's IPs. # To allow authenticated roaming users to be recognized by SA # MTA must include this information in header: # smtpd_sasl_authenticated_header yes # See http://wiki.apache.org/spamassassin/DynablockIssues # See also discussion in: # http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4760 Mark ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/