On Sat, 08 Aug 2009 17:10:01 -0500 Chris <cpoll...@embarqmail.com> wrote:
> I have an entry in what I call "my-whitelist.cf"
> in /etc/mail/spamassassin:
>
> whitelist_from_rcvd blackwell_...@yahoo.com yahoo.com
>
> If I run a message from this person with spamassassin -D -t msg
> shouldn't I get a hit on USER_IN_WHITELIST or not?

The trouble with whitelist_from_rcvd is that it relies on the MX server
recording reverse DNS - most do, some don't.

> Also, I'm still not sure I have my trusted_networks setting correct. I
> have this in my local.cf:
>
> trusted_networks 192.168/16 71.48.160.0/20 71.54.96/19
>
> Here is a line of Received: from headers from a test mail to myself:
>
> Received: from [71.54.109.114] and one from someone else using embarq
> Received: from [71.48.166.180]
>
> If I read the below correct this is a listing of all CIDRs in the
> embarq AS range:
>
> http://www.cidr-report.org/cgi-bin/as-report?as=as6367&view=2.0
>
> should all of these be listed in the trusted_networks entry or do I
> misunderstand the concept still?

Absolutely not, it leaves thousands of back-doors open. Just use the IP
addresses used as servers, not customer addresses. /24 ranges based on
the server addresses you've seen in headers are usually a safe
compromise.

Often the servers between you and the MX server use private addresses,
which makes things a lot easier - you can safely list all private
addresses. The best way to tell is to send test messages from external
mail services or look at real mail - mail from yourself can be
misleading.

If you are using an ISP for your mail you're conservatively advised to
put them in trusted_networks because that behaves least badly for the
worst case ISPs. In practice it's almost always better to put them into
internal_networks so SA knows where the real MX servers are,
particularly in your case since embarq records authentication on its
submission server, note the "with ESMTPA" in your headers.
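
Added example, not part of the original message and not SpamAssassin's own code: a simplified IPv4-only model of how the trust boundary moves down the Received chain, comparing the trusted_networks line quoted above with a narrower server-only list. The header chain, the server address 71.48.160.10, the /24 in NARROW_LIST and the treatment of 71.48.166.180 as a customer address are constructed assumptions; the function names are hypothetical.

```python
import ipaddress
import re

def parse_sa_net(spec):
    """Parse an IPv4 network in SpamAssassin's short form, e.g. '192.168/16'."""
    addr, _, mask = spec.partition("/")
    octets = addr.rstrip(".").split(".")
    if not mask:  # no mask given: width follows the number of octets
        mask = str(8 * len(octets))
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + mask, strict=False)

def first_untrusted(received, trusted_specs):
    """Walk Received headers newest-first.

    Returns (trusted relay IPs, first relay IP outside trusted_specs or None).
    Headers below the first untrusted relay were written by hosts that may forge.
    """
    nets = [parse_sa_net(s) for s in trusted_specs]
    trusted = []
    for header in received:
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header)
        if not m:
            break
        ip = ipaddress.ip_address(m.group(1))
        if not any(ip in net for net in nets):
            return trusted, str(ip)
        trusted.append(str(ip))
    return trusted, None

# Constructed sample chain, newest header first.
HEADERS = [
    "Received: from mx.isp.example [71.48.160.10] by localhost",  # assumed ISP server
    "Received: from [71.48.166.180] by mx.isp.example",   # assumed customer address
    "Received: from [203.0.113.9] by pc.example",  # written by the customer host
]

PAGE_LIST = "192.168/16 71.48.160.0/20 71.54.96/19".split()  # line quoted above
NARROW_LIST = "192.168/16 71.48.160.0/24".split()  # constructed server-only /24

if __name__ == "__main__":
    for name, nets in (("quoted", PAGE_LIST), ("narrow", NARROW_LIST)):
        print(name, first_untrusted(HEADERS, nets))
```

With the quoted list the customer address counts as a trusted relay, so the header it wrote is believed; with the narrow list that address is itself the first untrusted relay.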