[Mimedefang] md is not the first relay
Yizhar Hurwitz
yizhar at mail.com
Tue Dec 5 15:18:05 EST 2006
Hi.
> > I am now using it and it seems to do the job.
> > I have also added the upstream mail relay to "internal_networks" for
> > example:
> >
> > trusted_networks a.b.c.d
> > internal_networks a.b.c.d
> >
> > This is what I understood from "man Mail::SpamAssassin::Conf" which is a bit
> > confusing, for me at least.
>
> You don't have to explicitly set internal_networks if it's the same
> as trusted_networks. internal_networks is supposed to be all of your
> MX hosts. trusted_networks may contain more than your MX hosts,
> if there are other hosts that you trust not to forge headers
> (eg: other mailservers you control, or that regularly forward
> mail to you, operated by trusted third parties).
>
> Does that make it clear?
No, it is still confusing.
This is what I read in "man Mail::SpamAssassin::Conf":
trusted_networks ip.add.re.ss[/mask] ...
    (some text skipped)...
    MXes for your domain(s) and internal relays should also be specified
    using the "internal_networks" setting. When there are trusted hosts
    that are not MXes or internal relays for your domain(s) they should
    only be specified in "trusted_networks".
And this:
internal_networks ip.add.re.ss[/mask] ... (default: none)
    What networks or hosts are internal in your setup. Internal means
    that relay hosts on these networks are considered to be MXes for
    your domain(s), or internal relays. This uses the same format as
    "trusted_networks", above.
    This value is used when checking dial-up or dynamic IP address
    blocklists, in order to detect direct-to-MX spamming. Trusted
    relays that accept mail directly from dial-up connections should
    not be listed in "internal_networks". List them only in
    "trusted_networks".
So, as far as I understand from the above:
The general rule is:
an MX server should be listed in "trusted_networks" and also in "internal_networks".
An exception rule is:
if the MX server is also accepting direct connections from clients (for example an ISP outgoing mail server), then it should be listed only in "trusted_networks".
So in my case the general rule applies, because the MX server is used only for incoming mail; it is an ISP server dedicated for that purpose (as far as I know).
Dial-up and home users of the ISP use a different server for sending their outbound mail.
Am I correct?
Yizhar Hurwitz
http://yizhar.mvps.org
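
The trusted/internal distinction discussed in this thread, as an added example that is not part of the original post and is not SpamAssassin's own code: a simplified Python model of where the relay chain is cut, where `last_external` is the relay a dial-up/dynamic blocklist lookup would apply to. The function names are hypothetical and the addresses are constructed documentation-range stand-ins (192.0.2.10 plays the upstream MX "a.b.c.d").

```python
# Simplified model (an assumption, not SpamAssassin's implementation) of how
# trusted_networks / internal_networks split the relay chain of a message.
from ipaddress import ip_address, ip_network

def _listed(ip, nets):
    return any(ip_address(ip) in ip_network(n) for n in nets)

def _first_outside(relays, nets):
    # Walk from the newest Received header outward; stop at the first relay
    # that is not covered by the given network list.
    for ip in relays:
        if not _listed(ip, nets):
            return ip
    return None

def classify(relays, trusted, internal=None):
    """relays: connecting IPs from Received headers, newest first.
    Returns (last_external, first_untrusted)."""
    if internal is None:   # internal_networks unset: it follows trusted_networks
        internal = trusted
    return _first_outside(relays, internal), _first_outside(relays, trusted)

# Constructed sample addresses (documentation ranges), not from the thread.
MX = "192.0.2.10"          # stands in for the ISP's inbound MX "a.b.c.d"
SMARTHOST = "192.0.2.20"   # hypothetical ISP outgoing server used by dial-up clients
SENDER = "198.51.100.25"   # remote mail server that delivered to the MX
DIALUP = "203.0.113.77"    # dial-up customer submitting through SMARTHOST

def scenarios():
    return {
        # MX not listed: the MX itself is treated as the last external relay.
        "mx_unlisted": classify([MX, SENDER], trusted=[]),
        # MX in trusted_networks only: internal_networks defaults to the same.
        "mx_listed": classify([MX, SENDER], trusted=[MX]),
        # Exception done wrong: smarthost listed as internal, so its dial-up
        # customer becomes the relay checked against dial-up blocklists.
        "smarthost_internal": classify([SMARTHOST, DIALUP],
                                       trusted=[MX, SMARTHOST],
                                       internal=[MX, SMARTHOST]),
        # Exception done right: smarthost trusted but not internal.
        "smarthost_trusted_only": classify([SMARTHOST, DIALUP],
                                           trusted=[MX, SMARTHOST],
                                           internal=[MX]),
    }

if __name__ == "__main__":
    for name, (ext, untrusted) in scenarios().items():
        print(f"{name:24} last_external={ext} first_untrusted={untrusted}")
```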