On Wed, Jun 25, 2008 at 03:08:48AM -0700, Jo Rhett wrote:
>> On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote:
>>> reading the code it implies that maybe I should make
>>> internal_networks explicitly defined (right now it's implicit and
>>> thus == trusted_networks) to be smaller than trusted networks. This will
>>> probably solve my SPF problem. Is there a reason not to do this?
>
> On Jun 25, 2008, at 3:03 AM, Henrik K wrote:
>> It's fine to do that. This is all documented on wiki etc. I don't know
>> why it's still not clear.
>
> As both someone who writes tech documentation, and as someone who really
> isn't all that stupid on this topic, I would suggest that the wiki isn't
> necessarily as clear as you hope it would be. It does not spell out
> things like how internal_networks and trusted_networks interact with SPF
> and whitelist_from_rcvd. It makes statements that when you look at them
> later you realize "oh, that's what they meant by that"
> (I call to witness the large number of posts on this list that have
> read the wiki and still misconfigured trusted_networks)
I agree fully. At the moment even some SA rules have it wrong (using trusted instead of external). IMO it should be forced for users to configure internal_networks also, instead of just setting trusted_networks, which then translates to it.

It all comes to the fact that internal_networks is your MX border. All SPF, HELO, RBL etc checks are done on that.

Feel free to make it more clear on the wiki. Instead of "How can I optimize the trusted_networks setting?" it should be "How you MUST set *_networks". I'm bad at documenting, so count me out. ;-)
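
The border behaviour discussed in this thread, as an added example that is not part of either message and not SpamAssassin's own code: a simplified Python model of which relay IP ends up being the one SPF is evaluated against, with internal_networks left implicit versus set explicitly. All addresses, the relay chain, the SPF set and the function names are constructed for illustration.

```python
import ipaddress

def parse_nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def effective_internal(trusted, internal=None):
    """Model: an unset internal_networks is implicitly equal to trusted_networks."""
    trusted_nets = parse_nets(trusted)
    if internal is None:
        return trusted_nets
    internal_nets = parse_nets(internal)
    # Assumption of this model: internal hosts must also be trusted.
    for net in internal_nets:
        if not any(net.subnet_of(t) for t in trusted_nets):
            raise ValueError(f"{net} is internal but not trusted")
    return internal_nets

def border_relay(relay_ips, internal_nets):
    """relay_ips is ordered newest hop first (top Received header first).
    Returns the first hop outside the internal networks: the host that
    handed the message to the MX border, which SPF is checked against."""
    for ip in relay_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in internal_nets):
            return ip
    return None  # every hop was internal (locally generated mail)

# Constructed sample: client -> partner's mail server -> our MX -> our scanner.
RELAYS = ["192.0.2.10", "198.51.100.25", "203.0.113.7"]
# Our own MX range plus a partner whose headers we trust but who is not our MX.
TRUSTED = ["192.0.2.0/24", "198.51.100.0/24"]
# Constructed: hosts the partner's SPF record authorizes to send for its domain.
SPF_AUTHORIZED = {"198.51.100.25"}

def spf_result(trusted, internal=None):
    ip = border_relay(RELAYS, effective_internal(trusted, internal))
    return ip, ("pass" if ip in SPF_AUTHORIZED else "fail")

if __name__ == "__main__":
    print("implicit internal_networks:", spf_result(TRUSTED))
    print("explicit internal_networks:", spf_result(TRUSTED, ["192.0.2.0/24"]))
```

With internal_networks implicit, the partner's server counts as inside the border, so the check lands on the client behind it; narrowing internal_networks to the MX range moves the check back to the partner's server.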