On Tue, 2004-11-02 at 15:16, George Georgalis wrote:
> >> The setup I use routes mail at the tcp level, it's basically impossible
> >> for a message to reach spam assassin if it's from a trusted network.
> >So why not set trusted_networks to 127.0.0.1. That way you can
> >be certain that the rule will never fire. You'll also get the
> >benefit of the DNS blocklists been checked for the addresses in
> >the Received headers - with your current setup, its possible
> >that some of these will be marked as trusted, and as such you'll
> >lose the benefit of the RBL check.
>
> There is lots of reasons not to do something. What I'm not seeing
> is a reason why I can't stop trusted_networks from using cpu/dns.
> your idea sounds okay for some applications (and I'm changing from
> 192.168 to 127.0.0.1 as a matter of course), but I don't want every
> address in headers looked up. I don't want any of them looked up.
> I hope it's okay for me to be that way.
>
> I am concerned about the IP a message is coming from, but in my setup,
> that is dealt with before SA ever sees the message.
You can stop dns lookups by setting "dns_available no" which
results in the following if trusted_networks is unset.
debug: received-header: cannot use DNS, do not trust any hosts from here
on
However, this also disables SURBLs - which you probably still want!
I don't think its possible to disable DNS lookups for trusted networks
without also disabling it for the SURBLs.
- Sean
