On Jun 20, 2008, at 1:19 PM, Henrik K wrote:
You should know by now what SA network settings do. I don't know how
complex
your setup really is for them not to work.
It's not complex at all. Everything is external, there are no
firewalls. All public IP space documented in the external DNS.
One host is bastion host that is also connected to a private network
with no routing to the internet. Several machines on this private
network are configured to route mail via the bastion host.
I trust anything from the private network relayed by the bastion host.
I don't trust anything that appears to be from the private network
that actually directly reaches my mail server. The mail server has no
ability to actually route a packet to that private network, so this is
clearly a forgery.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
