On 19 Apr 2021, at 21:28, John Hardin wrote:
On Mon, 19 Apr 2021, Bill Cole wrote:
On 19 Apr 2021, at 11:05, Matus UHLAR - fantomas wrote:
On 19 Apr 2021, at 8:42, Simon Wilson wrote:
Yes, my trusted_networks, internal_networks and msa_networks are
all set correctly... I had a long discussion with this mailing
list on the subject last year and got excellent help on
resolving that! :)
On 19.04.21 09:17, Bill Cole wrote:
Then the most direct tactic would be to modify KAM_DMARC_REJECT
to not hit if ALL_TRUSTED is hit.
On 19 Apr 2021, at 9:26, Matus UHLAR - fantomas wrote:
that would cause problems if you set up trusted_servers to any
foreign server
you trust not to fake headers.
On 19.04.21 09:46, Bill Cole wrote:
A valid point.
That raises the question of why we don't have an ALL_INTERNAL rule.
&& __LAST_EXTERNAL_RELAY_NO_AUTH
should do that.
I don't think that works if X-Spam-Relays-External is empty, i.e. all
relays are internal.
...so:
header ALL_INTERNAL X-Spam-Relays-External =~ /^$/
?
Actually, what I committed earlier today in my sandbox and will move to
the main rules tree if it doesn't do anything crazy in masschecks:
describe __NO_EXTERNALS No external relays
header __NO_EXTERNALS X-Spam-Relays-External =~ /^$/
describe ALL_INTERNAL Has only internal relays
meta ALL_INTERNAL __NO_EXTERNALS && !NO_RELAYS
tflags ALL_INTERNAL nice
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
