D.J. wrote:
OK, after Googling around for a bit, I may have stumbled on
something... specifically this trust path thing. I had my
trusted_networks and internal_networks set as my SMTP's and MX's
class C network. Because of that, is that causing SA to look at the
relay beyond the trusted network as the agent to compare the RBL
to? Come to think of it, this didn't appear (or at least wasn't
reported to me) before I set those values. At any rate, I've
completely removed the internal_networks value, and changed the
trusted values variable to 127.0.0.1. Eventually
this will be behind a NAT machine, so I have to set *something*. If
anyone thinks I'm on the right path, let me know. I'm also going to
continue monitoring for this problem, so if it goes away now, I'll
let the list know for posterity's sake. Thanks!
- D.J.

The problem has indeed ceased since changing the setting. At first it
didn't quite make sense to me as to why it was working the way it was,
but I guess it makes perfect sense if you sit and think about it. A
lesson for those who don't know, you never want your MX server to be a
"trusted server" or you may have rules firing that shouldn't ;-)

That's incorrect. You always want your MX to be trusted. SA will then
check the IP that connects to your MX against most RBLs. Regardless,
there are a few RBLs that SA will check all IPs against. Debug info
makes it clear what exactly is being checked.
Daryl
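
Added example (not part of the thread and not SpamAssassin's own code): a simplified Python model of the trust-path walk discussed above, showing which relay becomes the one checked against RBLs under three trusted_networks choices. The relay chains, addresses and function names are constructed for illustration, and the model ignores the separate internal_networks setting.

```python
import ipaddress

def split_trust_path(relay_ips, trusted_networks):
    """Split relay IPs (newest Received header first) into trusted/untrusted.

    Simplified model: trust extends hop by hop from the scanning host and
    stops for good at the first relay outside trusted_networks.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    trusted, untrusted = [], []
    for ip in relay_ips:
        inside = any(ipaddress.ip_address(ip) in n for n in nets)
        if inside and not untrusted:
            trusted.append(ip)
        else:
            untrusted.append(ip)
    return trusted, untrusted

def last_external(relay_ips, trusted_networks):
    """IP that handed the mail to the trusted side, or None if none did."""
    _, untrusted = split_trust_path(relay_ips, trusted_networks)
    return untrusted[0] if untrusted else None

# Constructed relay chains (documentation address ranges), newest hop first.
MX = "192.0.2.10"
# The scanner sits behind the MX; an outside client connected to the MX.
VIA_MX = [MX, "203.0.113.77", "198.51.100.5"]
# Same layout, but the connecting client shares the MX's /24.
NEIGHBOUR = [MX, "192.0.2.200", "198.51.100.5"]

if __name__ == "__main__":
    for label, chain, nets in [
        ("MX not trusted", VIA_MX, ["127.0.0.1/32"]),
        ("MX trusted", VIA_MX, ["127.0.0.1/32", "192.0.2.10/32"]),
        ("whole /24 trusted", NEIGHBOUR, ["127.0.0.1/32", "192.0.2.0/24"]),
    ]:
        print(f"{label:18} -> {last_external(chain, nets)}")
```

In this model, leaving the MX untrusted makes the MX itself the address that gets checked, while trusting the whole /24 pushes the check past a neighbouring client to the hop beyond it.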