[EMAIL PROTECTED] wrote: > > I'm wanting to test SA's SPF implementation here by running a test > message through a "sandbox" machine that > is configured like our production environment. > > Our domain has an SPF record, and I've made sure that it's reflected > on our internal network. I've tested SPF > as a standalone implementation, and messages coming through that route > get rejected like they're supposed > to. > > When I try to hand this off to SA, it appears that my test machine and > the message itself is getting flagged as > ALL_TRUSTED, and because of that, the SPF plugin doesn't even try to > validate the IP against the domain. > > What do I have to do in order to make this a "non-trusted" > transaction? I can't find how "ALL_TRUSTED" is set > or determined. It finds out by either guessing, or by you setting it with the trusted_networks command.
see: http://wiki.apache.org/spamassassin/TrustPath