Sander Holthaus wrote: > Jason Faulkner wrote: > >>> trusted_networks 127.0.0.1 > >>> internal_networks 127.0.0.1 > >>> > >> trusted_networks is *NOT* a whitelist. Do NOT try to use it as one. > EVER. > >> > > I'm confused as to what you mean by this. I'm using these in my > > environment, and they do a good job of making sure that mail relayed > > through my internal networks don't get marked as spam. > > I'm not sure about that either, but I would say that in many > environments, 127.0.0.1 belongs to both the trusted and internal > networks. In fact, it is hard to imagine an environment where > 127.0.0.1 is neither trusted or internal, as it is the host running > spamassassin or it refers to an external trusted host.
I'm not saying 127.0.0.1 doesn't belong in internal/trusted networks. I'm saying that don't expect to whitelist a host by adding it to either. trusted_networks is NOT a whitelist. internal_networks is NOT a whitelist. Now, properly used they can have a significant impact on how your SA scores mail, but too few hosts here is just as bad as too many. Therefore, DO NOT try to use these settings as a whitelist. Configure them to match your network topology, not your whitelist desires.