On Fri, Jun 20, 2008 at 11:01:40AM -0700, Jo Rhett wrote:
> On Jun 20, 2008, at 10:44 AM, Henrik K wrote:
>> On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote:
>>>>> On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
>>>>>> That is correct, SPF checks are applied to the first untrusted host
>>>
>>>> Henrik K wrote:
>>>>> Matt, you should know better. ;) It's first _external_ host.
>>>
>>> On Jun 20, 2008, at 3:54 AM, Matt Kettler wrote:
>>>> Doh.. my bad.
>>>
>>> Huh? How are you defining "external" in this context? What prevents me
>>> from trusting an external hosts?
>>
>> Nothing prevents you from trusting external hosts, you should do it as
>> necessary.
>>
>> Here we go again..
>>
>> internal_networks = internal/external
>> trusted_networks = trusted/untrusted
>>
>> Both define borders which things are checked against. Internal is your
>> "MX-border", against which SPF and RBL checks are made (all internal must be
>> in trusted also). Trusted can expand further to prevent RBL checks against
>> trusted hosts and allows kind of whitelisting with ALL_TRUSTED rule.
>
> Okay, so my understanding is correct. So why did you correct Matt? He
> said first untrusted host. You said first external host. If internal
> hosts must all be trusted, and some external hosts may be trusted, then
> the SPF check would be applied to the first untrusted host, not the first
> external host.

I corrected Matt because when newbies read such claims, they don't learn to
separate the meanings. Also your comment makes no sense given what I said
already. As the code says:

    # dos: first external relay, not first untrusted
    return $scanner->{relays_external}->[0];

SPF will be checked for first external (non internal_networks) host. Period.

This doesn't have anything to do with your case specifically, I'm just
explaining how things work.
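
Added example (not part of the original message and not SpamAssassin code): a simplified Python model of the two borders described in this thread, showing a relay chain where the first external relay and the first untrusted relay are different hosts. The function name, the relay chain and the documentation-range addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

def _in(ip, nets):
    """True if ip falls inside any of the listed networks."""
    return any(ip_address(ip) in ip_network(n) for n in nets)

def classify(relays, internal_networks, trusted_networks):
    """Return (first_external, first_untrusted) for a relay chain.

    relays: connecting-host IPs taken from Received headers, newest
    (closest to our own MX) first. Either result may be None.
    """
    # Rule from the thread: everything internal must also be trusted.
    trusted = list(trusted_networks) + list(internal_networks)
    first_external = first_untrusted = None
    for ip in relays:
        if first_external is None and not _in(ip, internal_networks):
            first_external = ip      # the "MX-border" is crossed here
        if first_untrusted is None and not _in(ip, trusted):
            first_untrusted = ip     # the trust border is crossed here
    return first_external, first_untrusted

# Constructed sample chain (RFC 5737 documentation addresses):
#   192.0.2.10    our own MX handing mail to the internal store
#   198.51.100.25 a partner forwarder we trust but do not operate
#   203.0.113.77  the host that submitted mail to the forwarder
CHAIN = ["192.0.2.10", "198.51.100.25", "203.0.113.77"]
INTERNAL = ["192.0.2.0/24"]      # stands in for internal_networks
TRUSTED = ["198.51.100.25"]      # stands in for extra trusted_networks

if __name__ == "__main__":
    ext, untr = classify(CHAIN, INTERNAL, TRUSTED)
    print("first external :", ext)    # where the thread says SPF is checked
    print("first untrusted:", untr)
    # With no extra trusted hosts the two borders coincide.
    print(classify(CHAIN, INTERNAL, []))
```

In the constructed chain the trusted forwarder is still the first external relay, so the two answers differ only because a host outside internal_networks was added to the trusted set.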