mailscanner behind a smtpd frontend (trusted_networks and internal_networks)

Philipp Snizek philipp.snizek at terreactive.ch
Wed Feb 15 09:04:07 GMT 2006


Dear all

That's very good news.
Thanks for your input and the discussion.

Philipp

On Tue, 2006-02-14 at 16:03 -0500, Matt Kettler wrote:
> Glenn Steen wrote:
> > Thank you. Someday I'll actually understand this SA stuff... with this
> > explanation, that day might even be today:-)
> 
> Generally speaking, for most people trusted=internal=all your IPs.
> 
> The only common exception is if you have a relay that you operate which must
> receive mail directly from dynamic/dialup users (ie: without being relayed
> through the ISP mailserver but directly delivered to your box using pop-before
> smtp or smtp AUTH).
> 
> In that case you'd still trust that relay, but you'd have to declare a separate
> internal_networks which excluded it. Otherwise all the HELO_DYNAMIC and dialup
> RBL rules would fire off.
> 
> I'd advise against deviating away from those two usage scenarios unless you
> really understand trusted/internal networks in-depth.
> 
> Many admins over-react to the word "trusted" and try to trust nothing. But
> that's impossible, SA always has to trust something. Let's face it, if you can't
> even trust yourself, how can you tell what's real and not?
> 
> Trust is really important to SA. It helps it know that certain Received: headers
> aren't forged, and therefore can be used to make decisions about where the mail
> came from.
> 
> Trust and Internal status affect the behavior of about 2 dozen rules in SA 3.1.0.
> 
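
The two usage scenarios described in the quoted reply, written out as a SpamAssassin `local.cf` fragment. This is an added example, not part of the original thread; the addresses are constructed from the 192.0.2.0/24 documentation range and the host roles are assumptions.

```conf
# Constructed hosts (assumptions for this example):
#   192.0.2.10  smtpd frontend / MX that accepts mail from the Internet
#   192.0.2.11  MailScanner host sitting behind the frontend
#   192.0.2.25  relay that takes mail directly from dynamic/dialup users
#               (SMTP AUTH or pop-before-smtp)

# Scenario 1, the usual case: trusted = internal = all your IPs.
# When internal_networks is not set, SpamAssassin uses the
# trusted_networks value for it, so a single line is enough.
# trusted_networks 192.0.2.10 192.0.2.11

# Scenario 2: you also operate the dialup-facing relay.
# Keep it trusted, so its Received: headers are believed, but list
# internal_networks separately and leave the relay out of it.
# Otherwise the HELO_DYNAMIC and dialup RBL rules fire on your own
# users' dynamic addresses.
trusted_networks  192.0.2.10 192.0.2.11 192.0.2.25
internal_networks 192.0.2.10 192.0.2.11
```

Every address in `internal_networks` should also be covered by `trusted_networks`; `spamassassin --lint` checks the file after editing.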


