joe a skrev den 2023-01-06 18:35:
On 1/6/2023 12:15 PM, Kevin A. McGrail wrote:
My interpretation is thus:
You have a firewall with a public IP and an private IP
You have a box with email behind that firewall.
When it talks to the world, it should do helo <fqdn> that maps back to
your Firewall's public IP not to a private RFC1918 address.
Regards,KAM
Make sense to me.
So I guess my real question is, how do I cause spamassassin to make
it's query in that fashion? Since the wiki stated it in a way that
suggests it is a spamassassin feature, I presume to ask here and not
look at the firewall or elsewhere.
KAM is always right firewall :=)
why do you ask for spamassassin configs then ?
if your spamassassin is on rfc1918 ip, then move your local dns server
to wan ip on the firewall, then allow query from rfc 1918 on the dns
server, listen-on 192.168.1.1 as and example, do list all ips "ip addr
show" on the firewall and add all non routeble ips from this list
ps dont bind the wan ip
if you can then use pdns-recursor, with nearly have all good defaults
for all needed to be up and running safely
#powerdns Recursor 4.8.0 | Authoritative Server 4.7.3 | dnsdist 1.7.3
if you like to play :=)
bind is not that stable for me sadly, so using other problems to solve
what bind dont do well
