On Tue, Nov 02, 2004 at 03:40:02PM +0000, Sean Doherty wrote:
>On Tue, 2004-11-02 at 15:16, George Georgalis wrote:
>
>> >> The setup I use routes mail at the tcp level, it's basically impossible
>> >> for a message to reach spam assassin if it's from a trusted network.
>
>> >So why not set trusted_networks to 127.0.0.1. That way you can
>> >be certain that the rule will never fire. You'll also get the
>> >benefit of the DNS blocklists being checked for the addresses in
>> >the Received headers - with your current setup, it's possible
>> >that some of these will be marked as trusted, and as such you'll
>> >lose the benefit of the RBL check.
>> 
>> There are lots of reasons not to do something. What I'm not seeing
>> is a reason why I can't stop trusted_networks from using cpu/dns.
>
>> your idea sounds okay for some applications (and I'm changing from
>> 192.168 to 127.0.0.1 as a matter of course), but I don't want every
>> address in headers looked up. I don't want any of them looked up.
>> I hope it's okay for me to be that way.
>> 
>> I am concerned about the IP a message is coming from, but in my setup,
>> that is dealt with before SA ever sees the message.
>
>You can stop dns lookups by setting "dns_available no" which 
>results in the following if trusted_networks is unset.
>
>debug: received-header: cannot use DNS, do not trust any hosts from here on
>
>However, this also disables SURBLs - which you probably still want!
>I don't think it's possible to disable DNS lookups for trusted networks
>without also disabling it for the SURBLs.

Thanks, indeed I do use SURBLs, and am quite pleased with those!

// George


-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:[EMAIL PROTECTED]
