On Mon, Nov 24, 2008 at 04:54:17PM +0100, Karsten Bräckelmann wrote:
> I recently spotted some reason to finally try to wrap my head around
> trusted_networks and internal_networks, since forwarded mail falsely
> triggered RVCD_IN_DNS_MED for -4.0 -- very rare, but still a reason to
> fix it.
>
> So I set it up like I understand the docs (man page and wiki). My own
> server, which I got full control of, is internal, the forwarders are
> trusted (which I do).
>
> This however doesn't cut it when looking at the debug logs. We are using
> lastexternal for Spamhaus Zen -- which nicely checks if the GNOME or ASF
> forwarders might be listed in PBL... This doesn't seem right.
>
> Why do we use lastexternal here? Shouldn't it be like lastuntrusted or
> something?

No, try reading through:

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5856

And probably some others.. mailing lists are pretty full of it too.. maybe one day it will be clear. ;)

If you don't want GNOME or ASF to be checked in RBLs, then you need to add them to trusted_networks so they won't be checked. Which doesn't even currently work right without my patch (inside the bug above).

If you want to check in RBLs the host (zombie/dynamic user?) that relays through GNOME or ASF, then you could add these to internal_networks. The "internal" is a bit misleading. To me it includes something like "trusted third party MXs that may relay mail from zombies to you".
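
The following is an added example, not part of the original messages and not SpamAssassin's own code: a simplified Python model of how a "lastexternal" lookup picks its IP from the relay chain under the two configurations discussed in the thread. The function names, the relay chain and the addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
import ipaddress

def _in(ip, nets):
    """True if ip falls inside any of the CIDR strings in nets."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)

def classify(relays, internal, trusted):
    """Label each relay IP (taken from Received headers, newest first).

    Simplified model: a relay only counts as internal/trusted while every
    relay closer to us was too, so one foreign hop ends the chain.
    Internal networks are treated as trusted as well.
    """
    labels = []
    still_internal = still_trusted = True
    for ip in relays:
        still_internal = still_internal and _in(ip, internal)
        still_trusted = still_trusted and (_in(ip, internal) or _in(ip, trusted))
        kind = ("internal" if still_internal
                else "trusted" if still_trusted else "untrusted")
        labels.append((ip, kind))
    return labels

def last_external(relays, internal, trusted):
    """IP a 'lastexternal' DNSBL lookup would query: the relay that handed
    the mail to the internal network, whether or not it is trusted."""
    for ip, kind in classify(relays, internal, trusted):
        if kind != "internal":
            return ip
    return None  # mail never left the internal network

# Constructed chain, newest first: own MX hop, forwarder, original sender.
RELAYS = ["192.0.2.10", "198.51.100.25", "203.0.113.77"]
OWN_NET = ["192.0.2.0/24"]
FORWARDERS = ["198.51.100.0/24"]

# Setup from the question: own server internal, forwarders only trusted.
forwarder_trusted = last_external(RELAYS, OWN_NET, FORWARDERS)
# Setup from the reply: forwarders listed as internal too.
forwarder_internal = last_external(RELAYS, OWN_NET + FORWARDERS, [])

if __name__ == "__main__":
    print("forwarders trusted only ->", forwarder_trusted)   # forwarder IP
    print("forwarders internal     ->", forwarder_internal)  # sender IP
```

With the forwarders only trusted, the lookup lands on the forwarder itself, which is the behaviour seen in the debug logs; listing them as internal moves the lookup to the host that relayed through them.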
