Vicki Brown wrote:
>At 10:45 -0800 03/20/2005, Jeff Chan wrote:
>
>
>>The trust path needs to be set correctly for things to
>>work properly.
>>
>>
>
>If the "trust path" is not "set correctly" by default, then the rule should
>not be enabled by default. That's just wrong.
>
Vicki, the problem is that if the trust path is not "set correctly" a
LARGE number of rules in SA would have to be disabled. Not just
"ALL_TRUSTED". SA very heavily depends on the trust path to figure out
what host delivered mail to your network.
Realistically, ALL_TRUSTED misfiring here is in some ways a warning sign
that you have serious problems.
Other problems include:
DUL and dynamic style RBLS false-firing on properly relayed messages
DUL/dynamic RBLs not firing on direct-delivered spam
whitelist_from_rcvd not firing when it should
whitelist_from_rcvd matching spam messages with faked headers.
ditto for RCVD_IN_BSP_TRUSTED
ditto for HELO_DYNAMIC_*
FAKE_HELO_MAIL_COM_DOM not matching when it should (FP unlikely)
Shall I go on?
