MrGibbage wrote:
> I have read the help pages for those two settings over and over, and I guess
> I'm just not smart enough. I can't figure out what I should put for those
> two settings. Can one of you give me a hand by looking at the headers from
> an email? I can tell you that my SA installation is on
> "ps11651.dreamhostps.com" and the way I receive email is my email is sent
> to my public email address, "s...@pelorus.org" and I have an auto-forwarder
> which sends the mail to my SA box via email, at
> skip-mor...@psoneonesixfiveone.dreamhostps.com (mangled here). I never
> receive mail directly to skip-mor...@psoneonesixfiveone.dreamhostps.com. If
> I did, it would have to be spam because they scraped the address from
> somewhere. pelorus.org and ps11651.dreamhostps.com are the same box. All
> the appriver stuff below is done on the sending side of my company's
> exchange server.
>
> Anyway, maybe I got it, but these two settings seemed too important to get
> wrong, so I just want to be sure.
>
> #ps11651.dreamhostps.com and pelorus.org
> internal_networks 75.119.219.171
> trusted_networks 75.119.219.171 #I think this is wrong

no, it is not wrong. the documentation says: Every entry in
"internal_networks" must appear in "trusted_networks"; so whenever you put
an internal_network line, you should add the same line with "trusted"
instead of "internal".

>
> So is the idea that I could add more trusted_networks to the list, sort of
> like a whitelist. Perhaps adding my work ip addresses below? Isn't that
> trusted_networks setting above saying "**ALL** mail is trusted to not be
> spam since **ALL** mail comes in on that IP address? And what about the
> "Received: from homiemail-mx7.g.dreamhost.com
> (balanced.mail.policyd.dreamhost.com [208.97.132.119])"? I have checked and
> I do receive all mail from one of 208.97.132.* Should that be on my
> internal_networks?
> [snip]

here, trusted mostly means the relay does not forge Received headers. it can
relay spam, but it is not controlled by spammers (directly or via
trojans/open proxies/...).

to summarise: for those relays that you trust not to be operated by spammers
(directly or not):
- if they receive mail from "residential/dynamic" IPs (without
  authentication), then list them in trusted_networks only
- else, list them in both internal_networks and trusted_networks

If this is too theoretical, consider the practical side: When SA looks up
PBL, SORBS_DUL, ..., it will not look up IPs listed in internal_networks.

in general, your own relays will be listed in both internal_networks and
trusted_networks. but if you have a forwarder that is not under your
control, and that may be used to relay mail for "residential" IPs, then you
don't want to put it in internal_networks (otherwise, mail from the
residential IPs may be caught by PBL, SORBS_DUL, ... even though it is
relayed via a smarthost, as is generally recommended).
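
The effect described in the reply above, as an added example that is not part of the original thread and is not SpamAssassin's own code: a simplified model of how the two settings decide which relay a PBL/SORBS_DUL-style lookup is applied to. The function names, the constructed client IP 203.0.113.45, and the treatment of 208.97.132.119 as a third-party forwarder are assumptions made for illustration.

```python
import ipaddress

OWN = "75.119.219.171"        # the SA box, from the message
FORWARDER = "208.97.132.119"  # relay seen in the quoted Received header
CLIENT = "203.0.113.45"       # constructed "residential" sender IP

# Constructed chain of connecting IPs from Received headers, newest first.
CHAIN = [FORWARDER, CLIENT]


def in_nets(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in nets)


def classify(relays, trusted, internal):
    """Return (label per relay, IP a PBL/DUL-style list would be asked about)."""
    t_nets = [ipaddress.ip_network(n, strict=False) for n in trusted]
    for n in internal:
        # The documented rule: every internal entry must also be trusted.
        net = ipaddress.ip_network(n, strict=False)
        if not any(net.subnet_of(t) for t in t_nets):
            raise ValueError(f"{n} is in internal_networks but not trusted_networks")
    labels, last_external = [], None
    is_trusted = is_internal = True
    for ip in relays:
        # Trust stops at the first relay outside the list: the headers below
        # it were written by a host that may have forged them.
        is_trusted = is_trusted and in_nets(ip, trusted)
        is_internal = is_internal and in_nets(ip, internal)
        labels.append("internal" if is_internal
                      else "trusted" if is_trusted else "untrusted")
        if not is_internal and last_external is None:
            last_external = ip  # first relay outside internal_networks
    return labels, last_external


if __name__ == "__main__":
    for internal in ([OWN], [OWN, FORWARDER]):
        labels, checked = classify(CHAIN, [OWN, FORWARDER], internal)
        print(f"internal_networks={internal}: {labels}, lookup on {checked}")
```

With the forwarder in trusted_networks only, the lookup lands on the forwarder itself; with it in internal_networks as well, the lookup lands on the residential client behind it.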