On Fri, Jun 20, 2008 at 11:08:01AM -0700, Jo Rhett wrote: > I just realized something re: the previous message about SPF failure. > > trusted_hosts is also apparently blocking whitelist_from_rcvd from > working. > > This is getting out of control. I understand the original intent here, > but basically what is happening is that by making a host "trusted" you > are basically saying to ignore > > SPF > whitelist_from_* > etc... > > Everything that says "any message from this host is good" is > compromised/broken. > > Honestly, I think we need two separate forms here: > > trusted_relays should be what trusted_hosts is today. We trust that > this host won't add false headers to the e-mail. If you read the > description of trusted hosts, that's clearly what the rule is meant to > do. > > trusted_hosts should mean "no, we really truly trust this host and want > everything it gives us"
And here we go again.. whitelist_from_rcvd is checked on external (internal_networks) border. If you set up internal and trusted right, there are no problems.