Philip Prindeville wrote:
> I was rereading the sections on "trusted_networks" and "internal_networks"
> in Mail::SpamAssassin::Conf, but something wasn't clear to me.
>
> It talks about MXes and relays, but... not about client workstations
> that might originate email locally and submit it via port 25 or port 465
> (and not the typical usage of submitting messages via a pipe into an
> exec'd sendmail process on the same machine, etc).
>

Don't worry about clients. Worry about servers. Client IPs are irrelevant here.

The part you care about is matching anything in your network that would appear in the "by" clause of a Received: header (or the IP resulting from a DNS lookup of that host name).

> If I have a network 192.168.1.0/24, and I have workstations at 10-25 that
> submit email, should I just have:
>
> internal_networks 192.168.1.0/24
>

Simple rule:

trusted_networks - set to cover all machines that might generate a Received: header that you control.

internal_networks - will default to match trusted_networks if not declared.

99% of the time, you just set trusted_networks. The only practical time the two differ is if you have an MTA that needs to accept mail directly from dialup users. Then you'd set it up so that machine was trusted, but not internal.
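
A small check of the simple rule above, as an added example that is not part of the original post: it reads `trusted_networks` and `internal_networks` lines and reports how each server that stamps Received: headers would be classified. The server names, the 203.0.113.25 address and both config snippets are constructed; only full CIDR or bare-IP entries are parsed (no `!` exclusions or abbreviated forms).

```python
import ipaddress

def parse_networks(conf_text, directive):
    """Collect the networks listed for one directive; None if it never appears."""
    nets, seen = [], False
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop comments, tokenize
        if not parts or parts[0] != directive:
            continue
        seen = True
        for tok in parts[1:]:
            nets.append(ipaddress.ip_network(tok, strict=False))
    return nets if seen else None

def classify(ip, conf_text):
    """Return 'internal', 'trusted, not internal' or 'untrusted' for one address."""
    trusted = parse_networks(conf_text, "trusted_networks") or []
    internal = parse_networks(conf_text, "internal_networks")
    if internal is None:            # not declared: defaults to trusted_networks
        internal = trusted
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in internal):
        return "internal"
    if any(addr in net for net in trusted):
        return "trusted, not internal"
    return "untrusted"

def audit(servers, conf_text):
    """Classify every server that can add a Received: header to your mail."""
    return {name: classify(ip, conf_text) for name, ip in servers.items()}

# Constructed inventory: an MX on the LAN and an MTA that takes mail from dialup users.
SERVERS = {"mx1": "192.168.1.2", "dialup-mta": "203.0.113.25"}

# The common case: only trusted_networks is set.
CONF_SIMPLE = "trusted_networks 192.168.1.0/24\n"

# The case where the two differ: the dialup MTA is trusted but not internal.
CONF_DIALUP = (
    "trusted_networks  192.168.1.0/24 203.0.113.25\n"
    "internal_networks 192.168.1.0/24\n"
)

if __name__ == "__main__":
    for label, conf in (("simple", CONF_SIMPLE), ("dialup", CONF_DIALUP)):
        for name, verdict in audit(SERVERS, conf).items():
            print(f"{label:7} {name:11} {verdict}")
```

A server reported as "untrusted" is one whose Received: headers you control but whose address the configuration does not cover.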