Chris wrote:
On Saturday 27 May 2006 4:33 pm, you wrote:
Any why did --lint work fine every
time in 3.1.0? Commenting out the internal_networks entry and
restarting SA, --lint shows no errorrs now, why?
We're continuously improving the config parser's ability to detect
configuration *logic* errors. SA 3.1.1 was the first to thoroughly test
the logically configuration of trusted and internal network settings, in
addition to the already present syntactical checking.
If I remember correctly I had setup
my trusted and internal networks the same as I had seen in a message
from JoAnne, I could be wrong though.
It's wrong, trust me. ;)
See http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4760 for a
whole lot of background and insight into this issue.
Like I said before, you need to use at least this (without an
internal_networks line):
trusted_networks 127/8 192.168/16
Additionally, if your MX knows it's public IP you need to add it to the
list of trusted_networks.
If you're using fetchmail to get your Earthlink mail and running it
through SA, you should also add all of the relays through Earthlink's
network (right up to and including their MXes) to your trusted_networks
too.
Daryl
Thanks Daryl. Yes, fetchmail picksup from EL, thru procmail which calls SA.
If I understand you correctly on my trusted_networks line I'll need the ips
for these:
type=MX> [5 mx1.earthlink.net., 5 mx2.earthlink.net., 5 mx3.earthlink.net.,
5 mx4.earthlink.net., 5 mx5.earthlink.net., 5 mx6.earthlink.net., 5
mx7.earthlink.net., 5 mx8.earthlink.net., 5 mx9.earthlink.net., 5
mxa.earthlink.net., 5 mxb.earthlink.net., 5 mxc.earthlink.net., 5
mxd.earthlink.net., 5 mxe.earthlink.net., 5 mxf.earthlink.net., 5
mxg.earthlink.net., 5 mxh.earthlink.net., 5 mxi.earthlink.net., 5
mxj.earthlink.net., 5 mxk.earthlink.net.]
Or am I still showing my ignorance here?
Yeah, you'll need those hosts' IPs along with any intermediate relays
such as the IP(s) of any POP3 servers your mail might go through.
Basically you want to take a look at the headers from an assortment of
your mail and add the IPs of any host your mail passes through starting
with the Earthlink MXes. Do NOT include Earthlink's MSAs (SMTP servers
Earthlink users submit mail to). This all goes in your
trusted_networks. There's no need for separate internal_networks in
your setup.
Daryl
