D.J. wrote:
OK, after Googling around for a bit, I may have stumbled on something... specifically this trust path thing. I had my trusted_networks and internal_networks set as my SMTP's and MX's class C network. Because of that, is that causing SA to look at the relay beyond the trusted network as the agent to compare the RBL to? Come to think of it, this didn't appear (or at least wasn't reported to me) before I set those values. At any rate, I've completely removed the internal_networks value, and changed the trusted values variable to 127.0.0.1 <http://127.0.0.1>. Eventually this will be behind a NAT machine, so I have to set *something*. If anyone thinks I'm on the right path, let me know. I'm also going to continue monitoring for this problem, so if it goes away now, I'll let the list know for posterity's sake. Thanks!- D.J.The problem has indeed ceased since changing the setting. At first it didn't quite make sense to me as to why it was working the way it was, but I guess it makes perfect sense if you sit and think about it. A lesson for those who don't know, you never want your MX server to be a "trusted server" or you may have rules firing that shouldn't ;-)
That's incorrect. You always want your MX to be trusted. SA will then check the IP that connects to your MX against most RBLs. Regardless, there are a few RBLs that SA will check all IPs against. Debug info makes it clear what exactly is being checked.
Daryl
