From: NFN Smith [mailto:[EMAIL PROTECTED]
>
> From there, I've done more tinkering, but still not getting the
> results I want. Another try on raw data.
>
> Starting with settings in sa-mimedefang.cf:
>
> > # IP addresses of trusted hosts -- use these instead of whitelisting our domains
> > trusted_networks 68.99.120.79
> > internal_networks
> > whitelist_from_rcvd [EMAIL PROTECTED] lakecmmtao05.coxmail.com
>
> I hadn't had a setting for internal_networks, but reading the man
> definition, it seems worth putting it there with a null definition.

Hmm... I'm not sure what effect that internal_networks line will have.
If you don't want to explicitly set it, just leave it out and let it
default to the trusted_networks setting.

> From there, I generated a message that was delivered with the
> following relevant headers:
>
> > Received: from lakecmmtao05.coxmail.com (lakecmmtao05.coxmail.com [68.99.120.79] )
> >     by pulsar.lfa.com (8.13.1/8.13.1) with ESMTP id j8NJ4Oxs027324
> >     for <[EMAIL PROTECTED]>; Fri, 23 Sep 2005 12:04:25 -0700
> > Received: from [192.168.1.100] (really [24.249.175.230])
> >     by lakecmmtao05.coxmail.com
> >     (InterMail vM.6.01.05.02 201-2131-123-102-20050715) with ESMTP
> >     id <[EMAIL PROTECTED]>
> >     for <[EMAIL PROTECTED]>; Fri, 23 Sep 2005 15:04:19 -0400
> > Message-ID: <[EMAIL PROTECTED]>
> > Date: Fri, 23 Sep 2005 12:03:32 -0700
> > From: NFN Smith <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: [SPAM: 7.737] Spam test #6
> > X-Spam-Status: Yes
> > X-Spam-Score: 7.737 (*******) (required=4)
> >     tests=BLANK_LINES_70_80,CLICK_BELOW,EXCUSE_3,FREE_CONSULTATION,
> >     MAILTO_TO_REMOVE,NO_OBLIGATION,ONE_TIME_MAILING,REMOVE_IN_QUOTES,
> >     REMOVE_SUBJ,RISK_FREE
> > X-Scanned-By: MIMEDefang 2.44
>
> Thus, I sent a message through a coxmail.com server, showing the
> sacbeemail.com address in the From: line (a combination I want to
> trust, at least for testing purposes), and addressed to
> [EMAIL PROTECTED] The target machine is lfa.com.

Ok, so here is what I see as far as the mail path:

- Sent from 24.249.175.230 ... untrusted
- Received by 68.99.120.79 ... trusted
- Received by pulsar.lfa.com ... untrusted (unless SA defaults the local machine)

> Relevant log entries show:
>
> > Sep 23 12:04:25 pulsar sendmail[27324]: j8NJ4Oxs027324:
> from=<[EMAIL PROTECTED]>, size=1607, class=0,
> nrcpts=1, msgid=<[EMAIL PROTECTED]>,
> proto=ESMTP, daemon=MTA, relay=lakecmmtao05.coxmail.com [68.99.120.79]
> > Sep 23 12:04:26 pulsar mimedefang.pl[27269]:
> MDLOG,j8NJ4Oxs027324,spam,7.737,68.99.120.79,<[EMAIL PROTECTED]
> beemail.com>,<[EMAIL PROTECTED]>,Spam test #6
> > Sep 23 12:04:26 pulsar sendmail[27324]: j8NJ4Oxs027324:
> Milter change: header Subject: from Spam test #6 to [SPAM:
> 7.737] Spam test #6
> > Sep 23 12:04:26 pulsar sendmail[27324]: j8NJ4Oxs027324:
> Milter add: header: X-Scanned-By: MIMEDefang 2.44
> > Sep 23 12:04:26 pulsar sendmail[27328]: j8NJ4Oxs027324:
> to=<[EMAIL PROTECTED]>, delay=00:00:01, xdelay=00:00:00,
> mailer=local, pri=33885, dsn=2.0.0, stat=Sent
>
> Thus, in the results that I'm getting, I don't have something quite
> right in the combination of definitions between trusted_networks and
> whitelist_from_rcvd. From what I've figured out so far, I seem to
> be close, but I'm missing something small.

Ok...I just re-read the man page entry for whitelist_from_rcvd. Now I
think I follow what is happening. The IP that is checked is the one
that sent mail to your internal network (as defined by
internal_networks).

So this is what happened:

lakecmmtao05.coxmail.com is part of your internal network, so the check
was pushed back to the previous server, 24.249.175.230, which translates
to wsip-24-249-175-230.ph.ph.cox.net and doesn't match the
whitelist_from_rcvd line.

What you probably want to do is this:

    internal_networks 64.65.180.91
    trusted_networks 64.65.180.91
    trusted_networks 68.99.120.79

So that pulsar.lfa.com is internal and trusted, while
lakecmmtao05.coxmail.com is trusted, but not internal. That way, you
can use lakecmmtao05 in the whitelist_from_rcvd commands.
Whitelist_from_rcvd can only check domains outside of your
internal_networks. So for what you want, only the local machine is
internal. All others are simply trusted.

Try it that way and see what happens.

Can anyone else who is more knowledgeable about how internal_networks
and trusted_networks interact comment on this? I think this will work
fine, but I want to make sure there aren't any side effects that I'm
not considering.

Bowie
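
Added example, not part of the original message and not SpamAssassin's code: a simplified Python model of the reasoning in the reply above, showing which relay is left facing the internal network under each internal_networks setting. The selection rule in handover_relay and the suffix match in rcvd_matches are assumptions taken from the reply's reading of the man page, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two Received headers from the message, newest first,
# each unfolded onto one line and trimmed after the "by" host.
RECEIVED = [
    "from lakecmmtao05.coxmail.com (lakecmmtao05.coxmail.com [68.99.120.79] ) by pulsar.lfa.com",
    "from [192.168.1.100] (really [24.249.175.230]) by lakecmmtao05.coxmail.com",
]

def parse_relay(header):
    """Return (ip, rdns) of the connecting host recorded in a Received header."""
    m = re.search(r"\((?:really\s+)?(?:(\S+)\s+)?\[([0-9.]+)\]\s*\)", header)
    if m is None:
        raise ValueError("no relay address found in: " + header)
    return ipaddress.ip_address(m.group(2)), (m.group(1) or "").lower()

def in_any(ip, networks):
    return any(ip in ipaddress.ip_network(n) for n in networks)

def classify(headers, trusted, internal):
    """Label each hop, newest first, as internal, trusted or untrusted."""
    labels = []
    for header in headers:
        ip, _ = parse_relay(header)
        label = ("internal" if in_any(ip, internal)
                 else "trusted" if in_any(ip, trusted) else "untrusted")
        labels.append((str(ip), label))
    return labels

def handover_relay(headers, internal):
    """First relay, walking back from the receiver, outside internal_networks."""
    # Assumption: this is the relay the reply says whitelist_from_rcvd checks.
    for header in headers:
        ip, rdns = parse_relay(header)
        if not in_any(ip, internal):
            return str(ip), rdns
    return None

def rcvd_matches(headers, internal, relay_domain):
    """True if the handover relay's rDNS is relay_domain or a subdomain of it."""
    relay = handover_relay(headers, internal)
    rdns = relay[1] if relay else ""
    return rdns == relay_domain or rdns.endswith("." + relay_domain)

TRUSTED = ["64.65.180.91", "68.99.120.79"]
AS_DIAGNOSED = ["68.99.120.79"]   # coxmail relay counted as internal
AS_SUGGESTED = ["64.65.180.91"]   # only the local machine is internal
```

The header records no rDNS for 24.249.175.230, so the model sees an empty name there; the reply gives it as wsip-24-249-175-230.ph.ph.cox.net, which does not match the whitelist entry either.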