After reading the Mail::SpamAssassin::Conf (spamassassin 3.1.3-1 on Debian) I was unclear about trusted vs internal networks. After reviewing previous emails on this list, here's what I think it is: trusted_networks for hosts I trust to put good info in the Received headers. internal_networks for those that are additionally trusted not to receive email from IP's in dial-up RBL's.
Is that about right? Here are the things that confused me. This is a request for clarification, and a hint that maybe the man page could be clearer. The simplest issue is the question of defaults. Both settings say the default is none. However, the text asserts that each defaults to the other, and also that trusted_networks defaults to an inferred check if DNS tests are enabled. These various statements appear contradictory. The inferred trusted_networks in particular raises some questions: 1) if you specify trusted_networks explicitly, do these add to or replace the ones inferred? 2) if internal_networks is set and trusted_networks is not, does trusted networks end up holding the contents of trusted_networks, the inferred list, or both? 3) Does clear_trusted_networks affect the inferred trusted networks? 4) If internal_networks is specified explicitly and trusted_networks is not, does internal networks end up with the explicit specification, the inferred trusted_networks (seems unlikely), or both? However, my main confusion was the exact distinction between internal and trusted networks. Under trusted_networks it says "MXes for your domain(s) and internal relays should also be specified using the internal_networks setting. When there are 'trusted' hosts that are not MXes or internal relays for your domain(s) they should only be specified in trusted_networks." This had me wondering what would be sending mail that wasn't an MX or a relay, and thinking that the key distinction between trusted_networks and internal_networks was this MX and relay vs others. Also, since discussion on this list has emphasized that trusted means "trust the receive headers," I can't see how it would be relevant to anything but an MX. But I'm no expert in this area. Finally, the discussion of internal_networks makes clear that the statement "MXes for your domain(s) ... should also be specified using the internal_networks" is wrong. MXes that get mail from dial-up hosts do not belong in internal_networks. If this distinction based on dial-up hosts is the key one, the names trusted_networks and internal_networks seem pretty confusing to me. -- Ross Boylan wk: (415) 514-8146 185 Berry St #5700 [EMAIL PROTECTED] Dept of Epidemiology and Biostatistics fax: (415) 514-8150 University of California, San Francisco San Francisco, CA 94107-1739 hm: (415) 550-1062
