On Mon, Mar 02, 2009 at 05:16:37AM +0000, RW wrote: > > As I understand it the difference between trusted and internal is that > PBL/DUL checks are done at the internal/external boundary so > they don't FP on mail submission into the trusted network.
Right. > Firstly, doesn't that imply that relaying services like Spamgourmet > could be treated as internal and not just trusted? If it relays mail to you from anywhere (kind of remote MX for you) and you want to check connceting client in RBLs, then yes. It's handy for some mailing lists etc. > Secondly, the PBL/DUL FP's don't appear to happen if the client > authenticates into the internal network and it's recorded in received > header. So presumably most independent mail services and many ISPs > servers could be put into the internal network. Right. As above, use internal if you want to check clients connecting to such server. Which doesn't make sense if it only relays mail from it's own users. Notice that SPF checks are done on internal border also. > Thirdly, why is Spamhaus XBL evaluated with "-lastexternal" like the > PBL/DUL blocklists? As documented on XBL FAQ. http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20XBL#99 Cheers, Henrik
