On Thursday June 1 2006 04:05, Matt Kettler wrote: > Simple rule: > trusted_networks - set to cover all machines that might generate a > Received: header that you control. > internal_networks - Will default to match trusted_networks if not declared. > > 99% of the time, you just set trusted_networks. > The only practical time the two differ is if you have a MTA that needs > to accept mail directly from dialup users. Then you'd set it up so that > machine was trusted, but not internal.
Just for completeness: besides DUL checks, it also controls SPF checks, so it is imperative than MSA hosts are excluded from internal_networks. Mark
