LuKreme wrote:
> On 28-Apr-2009, at 15:38, RW wrote:
>> It's based on the first routable IP address,
>
> Well, that's a very silly thing for it to be looking at. It should be
> looking at the LAST routable IP address outside of the trusted
> network. Looking at the first routable address is completely worthless.

It's actually based on the last IP not matching your internal_networks. If you haven't declared internal_networks or trusted_networks manually, then the auto-guesser is going to set it to be the second-to-last routable IP (it assumes the last routable is your MX, which may or may not be correct depending on how you route/firewall your DMZ.)
Of course, first or last depends on your perspective. I assume RW was thinking of "first" from a "starting at the inside, working backwards in time" approach. This is backwards, if you think about the chronology of the headers, like SA does. However, it makes sense from an "I'm at my server looking outward at the world" point of view that most folks work from when thinking about network topologies.
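The selection described in the reply above, as an added example that is not part of the original post and is not SpamAssassin's own code: a simplified model that walks the Received chain newest-first and returns either the last relay outside `internal_networks` or, with nothing declared, the second-to-last routable IP. The function names, hostnames and addresses are constructed for illustration, and only bracketed IPv4 addresses are parsed.

```python
import ipaddress
import re

# Treated as non-routable in this sketch: RFC 1918, loopback, link-local.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed Received headers, newest first (the order they appear in a message).
# VIA_MX: the MX (192.0.2.10) forwards to an internal store that runs the scan.
VIA_MX = [
    "from mx.example.net (mx.example.net [192.0.2.10]) by store.example.net",
    "from relay.example.org (relay.example.org [198.51.100.7]) by mx.example.net",
    "from desktop (unknown [10.1.2.3]) by relay.example.org",
]
# DIRECT: the scan runs on the MX itself, so no internal hop is recorded.
DIRECT = [
    "from relay.example.org (relay.example.org [198.51.100.7]) by mx.example.net",
    "from upstream.example.com (upstream.example.com [203.0.113.5]) by relay.example.org",
]

def relay_ips(received):
    """Sending-relay IPs from each header, kept newest first."""
    found = (BRACKETED_IP.search(h) for h in received)
    return [ipaddress.ip_address(m.group(1)) for m in found if m]

def in_any(ip, networks):
    return any(ip in net for net in networks)

def checked_ip(received, internal_networks=None):
    """IP that would be checked, per the description in the post."""
    ips = relay_ips(received)
    if internal_networks:
        nets = [ipaddress.ip_network(n) for n in internal_networks]
        # Last relay in time (first from the top) outside internal_networks.
        return next((str(ip) for ip in ips if not in_any(ip, nets)), None)
    # Nothing declared: assume the newest routable IP is our own MX
    # and take the routable IP that precedes it.
    routable = [ip for ip in ips if not in_any(ip, NON_ROUTABLE)]
    return str(routable[1]) if len(routable) > 1 else None

if __name__ == "__main__":
    for name, chain in (("VIA_MX", VIA_MX), ("DIRECT", DIRECT)):
        print(name, "declared:", checked_ip(chain, ["192.0.2.0/24"]),
              "guessed:", checked_ip(chain))
```

In the `DIRECT` layout the guess skips the relay that actually connected to the MX, which is the "may or may not be correct" case; declaring `internal_networks` gives the same answer in both layouts.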