Justin,

> > - if any addresses of the 'by' host is in a reserved network range,
> >   then it's trusted
> >
> > However, I would have thought that this would imply that the 10.0.0.53
> > host is trusted and not any servers connecting to it.
>
> The problem is that 10.x is a private net, therefore SpamAssassin infers
> it cannot possibly be the external MX sitting out there on the internet.
> (for a host to be sitting on the public internet accepting SMTP
> connections, it'd obviously need a public IP addr.)
>
> so the *next* step must be the external MX.

My 10.x server is inside a firewall which NATs port 25 so this conclusion is not correct. I imagine that my setup isn't all that different from a lot of other people's.

> > Can someone please clarify this for me? Also should I be specifying
> > 10.0.0.53 in trusted_networks in local.cf?
>
> Yep, that's right -- and trusted_networks will fix it.

Yes, trusted_networks does indeed fix the issue, but I'm still not so sure that the algorithm to deduce trusted_networks is correct (if not specified). For an inbound only relay is it correct to say that trusted_networks should only contain the IP address of the relay itself? For an inbound/outbound relay it should contain the local network/mask or e.g. downstream Exchange server + relay host?

Regards,

- Sean
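
A simplified model of the trust inference discussed in this thread, added as an illustration; it is not part of the original message and is not SpamAssassin's code. It applies only the quoted 'by' host rule, treats the RFC 1918 ranges as "reserved" (an assumption), and uses a constructed Received chain in which every address except 10.0.0.53 is a placeholder.

```python
import ipaddress

# Assumption: "reserved network range" is modelled as the RFC 1918 private ranges.
RESERVED = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed Received chain, newest header first: (relay "from" IP, receiving "by" IP).
# 10.0.0.53 is the NATed MX from the thread; the other addresses are placeholders.
HOPS = [
    ("203.0.113.7", "10.0.0.53"),     # Internet sender -> MX behind the firewall
    ("198.51.100.9", "203.0.113.7"),  # header added upstream, outside our control
]

def classify(hops, trusted_networks=None):
    """Split relay IPs into (trusted, untrusted), walking newest hop first.

    trusted_networks=None models the inference case: a relay is trusted when
    the 'by' host that recorded it has a reserved address. With an explicit
    list, a relay is trusted only when its own IP is inside a listed network.
    Trust never resumes after the first untrusted hop.
    """
    nets = [ipaddress.ip_network(n) for n in (trusted_networks or [])]
    trusted, untrusted = [], []
    in_trusted_path = True
    for from_ip, by_ip in hops:
        relay = ipaddress.ip_address(from_ip)
        by_host = ipaddress.ip_address(by_ip)
        if in_trusted_path:
            if trusted_networks is None:
                in_trusted_path = any(by_host in n for n in RESERVED)
            else:
                in_trusted_path = any(relay in n for n in nets)
        (trusted if in_trusted_path else untrusted).append(from_ip)
    return trusted, untrusted

if __name__ == "__main__":
    print("inferred:  ", classify(HOPS))
    print("configured:", classify(HOPS, ["10.0.0.53"]))
```

Under inference the Internet sender 203.0.113.7 ends up in the trusted list because its header was written by a 10.x host; passing 10.0.0.53 explicitly moves it to untrusted.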