Whitelisting Relays

Matt Kettler mkettler at EVI-INC.COM
Wed Apr 7 21:56:14 IST 2004


At 04:27 PM 4/7/2004, Mark Nienberg wrote:
>If you add the following line to "spam.assassin.prefs.conf" then
>spamassasin will not
>run the RBL checks for a particular relay address.  It will still do the
>rest of the
>checks.  I add the IP address of my backup MX this way, just to save some
>miniscule
>amount of CPU and time, I guess.
>
>trusted_networks 192.117.100.6

Be slightly wary of this setting unless you understand it fully. It's not
just there to skip RBL checks on a host, but in the case of a back-up MX,
you do want to put it in your trust list.

Trusted networks helps SA figure out where your network border is. Any
"trusted" host, is considered to be a part of your home network by SA.

For example, when doing dialup checks, SA will examine the IPs dropping
mail off to the first trusted server.  It's important to never trust the
mailserver of a dialup ISP for this reason.. SA will think their mailserver
is yours, and that dialup nodes are direct-delivering mail. Ouch.

SA will also only check IPs that dropped off to a trusted_networks machine
when doing whitelist_from_rcvd checks.

Other than the word of caution about dialup nodes, go ahead and use
trusted_networks, just be careful about trusting servers that aren't relays
you control, or relays which accept mail from dialups.



More information about the MailScanner mailing list