> Jari Fredriksson a écrit : >>> MrGibbage a écrit : >>>> #ps11651.dreamhostps.com and pelorus.org >>>> internal_networks 75.119.219.171 >>>> trusted_networks 75.119.219.171 #I think this is wrong >>> no, it is not wrong. the documentation says: >>> >>> Every entry in "internal_networks" must appear in >>> "trusted_net- >>> >>> works"; >>> >>> so whenever you put an internal_network line, you should >>> add the same line with "trusted" instead of "internal". >>> >> >> If that is indeed true, > > As of 3.2.5, Received.pm contains this: > > if (!$relay->{auth} && > !$trusted->contains_ip($relay->{ip})) { > $in_trusted = 0; $in_internal = 0; # if it's > not trusted it's not internal > > > } > > so as soon as an "untrusted" relay is found, it is > considered as "external". > >> it is a BUG IMO. >> > > not really a bug. just a configuration annoyance . I > mean, since internal_networks is a subset of > trusted_networks, then any "internal" relay should > automatically be considered as "trusted", without the > need to duplicate information. > > >> Brain dead requirement! > > the requirement is "reasonable". an "internal" relay that > wouldn't be "trusted" is irrelevant. why would you want > to skip PBL/DUL lookup for an IP that may be forged?
I tried with this: ---------(local.cf)----------- internal_networks 10.0.0.0/8 trusted_networks 10.0.0.0/8 127.0.0.1 trusted_networks 212.16.98.0/24 212.16.100.0/24 62.142.0.0/16 195.197.172.98 trusted_networks 195.74.0.0/16 213.192.189.2/24 217.30.188.0/24 65.54.0.0/16 trusted_networks 83.145.211.136 217.30.180.104 trusted_networks 64.233.183.0/24 209.85.199.0/24 72.14.247.27/24 64.233.163.27 trusted_networks 213.157.94.92 ------------------------------ Here, internal is a subset of trusted, is that how it should go? $ spamassassin -D --lint [7594] warn: netset: cannot include 127.0.0.1/32 as it has already been included [7594] warn: netset: cannot include 10.0.0.0/8 as it has already been included It looks like SA itself configured the trusted.