mailscanner behind a smtpd frontend
Glenn Steen
glenn.steen at gmail.com
Tue Feb 14 20:43:08 GMT 2006
On 14/02/06, Matt Kettler <mkettler at evi-inc.com> wrote:
> Glenn Steen wrote:
> > On 14/02/06, Matt Kettler <mkettler at evi-inc.com> wrote:
> >> Glenn Steen wrote:
> > (snip)
> >>> Problem 1 is that you can't really do that for all the Received
> >>> lines... And the original problem is that adding such a line is an RFC
> >>> MUST. Sigh.
> >>>
> >>> So unless one can do REs on it, you lose. Unfortunately,
> >>> bayes_ignore_header doesn't seem to accept RE:s (from the man-page)...
> >>> Perhaps Matt Kettler has a better clue...
> >> My impression is why bother ignoring the Received: headers?
> >>
> >> As long as your trusted/internal networks is set correctly bayes should be able
> >> to deal with extra Received: headers just fine.
> > Eh, I am obviously missing something here.... You are saying that
> > although all external mail is received from that ("internal") host,
> > Philipp should set it as trusted?
> >
>
> Yes.. You should trust all your mail servers that add Received: headers. Just
> because it acts as a mail relay for untrusted mail does not mean you should not
> trust the box itself.
>
> Trust here means trusted to not forge headers, and trusted to never originate
> spam. It does not mean it will never relay spam from other sources.
>
> As for SA, it will still see the mail as coming from an untrusted source. It
> will merely realize that there's a trusted relay in between.
>
> In fact, if you fail to trust the relay (and thus have it be internal), then SA
> is going to treat it as being "outside" your network. This will cause any tests
> that attempt to apply to the first external host to be applied to the relay
> instead of the proper outside host.
>
Thank you. Somesay I'll actually undersatnd this SA stuff... with this
explanation, that day might even be today:-)
... And that neatly solves all the real and imagined(:-) problems Philipp have.
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list