Jo Rhett wrote:
If you do get a connection attempt from a non-routable address on your
SMTP server's external interface, you should have no way to acknowledge
the connection if your own border router is configured correctly.
You are assuming that there is enough infrastructure to provide a border
router.
Yes, that was my assumption.
If you haven't got your own border router, then the router(s)
your provider(s) uses to route packets between your public
network and the Internet is/are the border router(s).
Which of course makes everything different since you can't make
sure those routers are configured correctly. :-/
So please disregard my comment about your border router.
Because again, why should the host trust an IP address which should
never reach it?
I don't know, and I never suggested you do.
Then again, the trust setting in SA is about trusting Received
headers and not only about trusting hosts that connect directly
to the system. So in order to have a working unbroken trust path
that correctly mirrors reality it *might* be necessary to
include hosts that relay mail but never connect directly to the
server running SA.
Whether this applies to your system or not is something I'm
currently not qualified to have an opinion about.
Regards
/Jonas
--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/
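
A simplified model of the Received-header trust path discussed in the message above, added here as an illustration; it is not part of the original thread and not SpamAssassin's own code. The header lines, addresses (documentation ranges) and function names are constructed, and real header parsing handles many more formats than this regex does.

```python
import ipaddress
import re

# Constructed sample: Received headers, newest first, as they appear in a message.
# Hostnames and addresses are placeholders, not taken from the thread.
RECEIVED = [
    "from relay.isp.example (relay.isp.example [192.0.2.25]) by mx.local.example",
    "from gw.partner.example (gw.partner.example [198.51.100.7]) by relay.isp.example",
    "from client.example (unknown [203.0.113.99]) by gw.partner.example",
]

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(headers):
    """Extract the connecting-relay IP from each Received header, newest first."""
    ips = []
    for h in headers:
        m = IP_RE.search(h)
        if m is None:
            break  # unparseable header: nothing below it can be relied on
        ips.append(ipaddress.ip_address(m.group(1)))
    return ips

def split_trust_path(headers, trusted_cidrs):
    """Return (trusted, untrusted) relay IPs.

    A Received header is believable only if the host that wrote it is trusted.
    The newest header is written by the local server; each older one was written
    by the relay named in the header above it, so the path ends at the first
    relay that is not in the trusted set.
    """
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    ips = relay_ips(headers)
    trusted = []
    for i, ip in enumerate(ips):
        if not any(ip in n for n in nets):
            return trusted, ips[i:]
        trusted.append(ip)
    return trusted, []

def first_untrusted(headers, trusted_cidrs):
    """IP of the relay treated as the external sender, or None if all are trusted."""
    untrusted = split_trust_path(headers, trusted_cidrs)[1]
    return str(untrusted[0]) if untrusted else None

if __name__ == "__main__":
    # Trusting only the host that connects directly stops the path one hop early.
    print(first_untrusted(RECEIVED, ["192.0.2.25/32"]))
    print(first_untrusted(RECEIVED, ["192.0.2.25/32", "198.51.100.7/32"]))
```

Listing only the directly connecting relay makes the partner gateway look like the external sender; adding the gateway, which never connects to the server itself, moves the boundary to the actual client.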