> Jari Fredriksson a écrit :
>>> MrGibbage a écrit :
>>>> #ps11651.dreamhostps.com and pelorus.org
>>>> internal_networks 75.119.219.171
>>>> trusted_networks 75.119.219.171 #I think this is wrong
>>> no, it is not wrong. the documentation says:
>>>
>>> Every entry in "internal_networks" must appear in
>>> "trusted_net-
>>>
>>> works";
>>>
>>> so whenever you put an internal_network line, you should
>>> add the same line with "trusted" instead of "internal".
>>>
>>
>> If that is indeed true,
>
> As of 3.2.5, Received.pm contains this:
>
> if (!$relay->{auth} &&
> !$trusted->contains_ip($relay->{ip})) {
> $in_trusted = 0; $in_internal = 0; # if it's
> not trusted it's not internal
>
>
> }
>
> so as soon as an "untrusted" relay is found, it is
> considered as "external".
>
>> it is a BUG IMO.
>>
>
> not really a bug. just a configuration annoyance . I
> mean, since internal_networks is a subset of
> trusted_networks, then any "internal" relay should
> automatically be considered as "trusted", without the
> need to duplicate information.
>
>
>> Brain dead requirement!
>
> the requirement is "reasonable". an "internal" relay that
> wouldn't be "trusted" is irrelevant. why would you want
> to skip PBL/DUL lookup for an IP that may be forged?
I tried with this:
---------(local.cf)-----------
internal_networks 10.0.0.0/8
trusted_networks 10.0.0.0/8 127.0.0.1
trusted_networks 212.16.98.0/24 212.16.100.0/24 62.142.0.0/16 195.197.172.98
trusted_networks 195.74.0.0/16 213.192.189.2/24 217.30.188.0/24 65.54.0.0/16
trusted_networks 83.145.211.136 217.30.180.104
trusted_networks 64.233.183.0/24 209.85.199.0/24 72.14.247.27/24 64.233.163.27
trusted_networks 213.157.94.92
------------------------------
Here, internal is a subset of trusted, is that how it should go?
$ spamassassin -D --lint
[7594] warn: netset: cannot include 127.0.0.1/32 as it has already been included
[7594] warn: netset: cannot include 10.0.0.0/8 as it has already been included
It looks like SA itself configured the trusted.
