On Jun 20, 2008, at 10:44 AM, Henrik K wrote:
On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted
host
Henrik K wrote:
Matt, you should know better. ;) It's first _external_ host.
On Jun 20, 2008, at 3:54 AM, Matt Kettler wrote:
Doh.. my bad.
Huh? How are you defining "external" in this context? What
prevents me
from trusting an external hosts?
Nothing prevents you from trusting external hosts, you should do it as
necessary.
Here we go again..
internal_networks = internal/external
trusted_networks = trusted/untrusted
Both define borders which things are checked against. Internal is your
"MX-border", against which SPF and RBL checks are made (all internal
must be
in trusted also). Trusted can expand further to prevent RBL checks
against
trusted hosts and allows kind of whitelisting with ALL_TRUSTED rule.
Okay, so my understanding is correct. So why did you correct Matt?
He said first untrusted host. You said first external host. If
internal hosts must all be trusted, and some external hosts may be
trusted, then the SPF check would be applied to the first untrusted
host, not the first external host.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
