> Ok, well that is resolvable. What is actually meant
> to be included as "internal" and what is the difference
> between that and trusted networks? If something is
> trusted then it can be treated as internal, or can't it?

The "simple" rule is internal_networks are really YOUR internal networks
that are in the path of mail messages from the place they are received up to
the machine running SA.  They have to be specified in terms of the addresses
SA will see when it queries them.

trusted_networks would generally include all your internal networks, since
you presumably trust them.  However, if you don't trust your users to not
send spam to other users, you may want to leave the frontend mail
distribution machine out of the trusted list.

There would generally not be a lot of point in trusting external networks.
For one thing, it will only extend the trust boundary IF they connect
directly to your trusted hosts.  If they relay through an untrusted host
somewhere, it no longer matters if they are trusted.  The trust boundary
stops at the first untrusted host, since you can't trust any following
headers to not be forged.

        Loren
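
The trust-boundary rule described in the message above, as an added example that is not part of the original post and is not SpamAssassin's own code: a simplified model that walks Received headers newest-first and stops trusting at the first relay outside trusted_networks. The header strings, hostnames and addresses are constructed sample data, and `classify_relays` is a hypothetical helper name.

```python
import ipaddress
import re

RELAY_IP = re.compile(r"\(\[([0-9A-Fa-f.:]+)\]\)")  # matches "from host ([ip])"

def classify_relays(received, trusted_networks):
    """Walk Received headers newest-first; return [(ip, trusted), ...].

    A relay is trusted only if its address is in trusted_networks AND every
    relay nearer to us was trusted too. Past the first untrusted relay the
    remaining headers may be forged, so nothing beyond it is trusted.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    result, inside_boundary = [], True
    for header in received:
        match = RELAY_IP.search(header)
        try:
            ip = ipaddress.ip_address(match.group(1)) if match else None
        except ValueError:
            ip = None
        if ip is None:  # unparseable header: the boundary ends here
            inside_boundary = False
            result.append((None, False))
            continue
        if inside_boundary and not any(ip in net for net in nets):
            inside_boundary = False
        result.append((str(ip), inside_boundary))
    return result

# Constructed sample: internal 10.0.0.0/8 plus one trusted external network.
TRUSTED = ["10.0.0.0/8", "198.51.100.0/24"]

# Trusted external host connects directly to a trusted internal host.
DIRECT = [
    "from mx1.example.org ([10.0.0.5]) by sa.example.org",
    "from partner.example.net ([198.51.100.7]) by mx1.example.org",
    "from unknown.example.com ([203.0.113.9]) by partner.example.net",
    "from looks-internal ([10.0.0.99]) by unknown.example.com",
]

# Same trusted external host, but relayed through an untrusted host first.
VIA_UNTRUSTED = [
    "from mx1.example.org ([10.0.0.5]) by sa.example.org",
    "from unknown.example.com ([203.0.113.9]) by mx1.example.org",
    "from partner.example.net ([198.51.100.7]) by unknown.example.com",
]

if __name__ == "__main__":
    for name, hdrs in (("direct", DIRECT), ("via untrusted", VIA_UNTRUSTED)):
        print(name, classify_relays(hdrs, TRUSTED))
```

In the first sample the 10.0.0.99 hop is treated as untrusted even though its address falls in a trusted range, because it appears after the boundary.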
