Monty Ree wrote: > Hello, all. > > I have read this site. > http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Conf.html > > > and I would like to set like this. > > If a mail is sent from some ip range like (111.222.111.0/24), > all mail score is -10. It would be similar to whitelist_from [EMAIL PROTECTED] > So, I set like below. > > trusted_networks 111.222.11/24 > score ALL_TRUSTED -10 > > 1.Above it right?
I would strongly suggest NOT using trusted_networks as an IP based whitelist for IPs outside your network. Don't treat this as similar to whitelist_from. Really I would suggest doing this to whitelist a whole external server: whitelist_from_rcvd * mailserver.example.com Also, if you must do this, make SURE you've got all of your MailServer IPs in trusted_networks before you add anything else. You can really break SA pretty badly if trusted or internal networks is confused. > 2. If a mail sent from some smtp, which rule ie required? ??? I don't understand that question.. nearly all mail is sent from some SMTP... > 3. What's the difference between trusted_networks and internal_networks? The difference is quite subtle, and for most networks trusted=internal. Trusted means you trust the site to not forge headers, and not originate spam (although it might relay spam as any MX might). Internal means it's a MX or relay for YOUR domain. SA uses this value when trying to figure out network borders. Also, SA assumes Internal hosts will never directly receive mail directly from a dialup or dynamic home-user node, only via a relay. Generally, these two are the same, most networks only trust their own servers, and none of their servers accept dialup mail. However there are a few configurations where it's useful to have them be different. The example in the docs is a site that has a MX that must accept mail direct-from-dialup/dynamic, such as a dialup ISP.. In this case, the server is yours, so you trust it, but it also accepts mail directly from dialup users (your customers) so you have to not declare it in internal_networks. Read the docs for more detail http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html
