On Mon, 19 Apr 2021 09:46:48 -0400 Bill Cole wrote: > On 19 Apr 2021, at 9:26, Matus UHLAR - fantomas wrote: > > >> On 19 Apr 2021, at 8:42, Simon Wilson wrote: > >>> Yes, my trusted_networks, internal_networks and msa_networks are > >>> all set correctly... I had a long discussion with this mailing > >>> list on the subject last year and got excellent help on resolving > >>> that! :) > > > > On 19.04.21 09:17, Bill Cole wrote: > >> Then the most direct tactic would be to modify KAM_DMARC_REJECT to > >> not hit if ALL_TRUSTED is hit. > > > > that would cause problems if you set up trusted_servers to any > > foreign server > > you trust not to fake headers. > > A valid point.
I assume you mean because it would still run on forwarded mail that comes in via the trusted/external network. This can be fixed by combining ALL_TRUSTED with a comparison of the number of relays in external and untrusted.
