OK, thanks. I still have problems exactly understanding the difference between trusted_networks and internal_networks is, though. My understanding is that trusted_networks is our entire ip address range, all hosts (143.210.0.0/16), and internal_networks is mail servers that we run?
From what the doc's say, that's correct.
Trusted = trusted to not forge headers, and not originate spam, but might relay spam (ie: as an MX). Trusted IPs are also exempted from DNSBL checks.
Internal = a mail relay. Used in whitelist_from_rcvd checks, and in checking DUL's and other "direct-to-mx" type spam RBLs.
If you only set one of the two, the other will copy it's value and the two will be the same.
I think this clip from the manpage summarizes it well:
"MXes for your domain(s) and internal relays should also be specified using the internal_networks setting. When there are 'trusted' hosts that are not MXes or internal relays for your domain(s) they should only be specified in trusted_networks. "
