https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7686
--- Comment #5 from Jordan <[email protected]> --- Hey Bill, Thanks again for your quick comments! I have no problem configuring spamassassin accordingly. I'm still a bit confused about this part: > Machines that do not trust your webmail server (i.e. have it in > trusted_networks) would not check the it claims to have received the message > from. For clarity, should that read: --- Machines that do not trust your webmail server (i.e. do not have the webmail server IP in trusted_networks) would not check where it claims to have received the message from. --- In other words, external receiving servers would not check the x-originating-ip header *anyway* because the message is already coming from an untrusted source that is found higher up in the delivery chain? And in our case, it *is* checking x-originating-ip solely because the webmail server is already trusted, so x-originating-ip is the only untrusted IP left to check? Do I have that right? -- You are receiving this mail because: You are the assignee for the bug.
