On Tue, 02 Jun 2009 16:26:08 -0400 Adam Katz <antis...@khopis.com> wrote:
> -notfirsthop examines all IPs except the originating one, useful for
> ignoring the user's direct IP, which could be a hotel or dialup IP.

You'd think, but in practice -lastexternal gets used. I'm not sure why.

> My confusion:
>
> -firsttrusted is "trusted" in that you can trust that the server is
> valid and not forged. It is /not/ a member of trusted_networks (this
> is similar to the AWL vs whitelist issue!). A name without the word
> "trust" (like "-firstseen") would be preferable.

That sounds more confusing to me.

> -untrusted is also easily confused with "trust" from trusted_networks
> though like firsttrusted, it refers to potential forgery (and it took
> me a while to figure that out). Renaming this to avoid the word
> "trust" (e.g. "-maybeforged") would make it more clear.

I'm not really sure that making these things totally transparent is a good idea. Most people don't need to understand them at all, and the effort that's required to get them straight is about the minimum you need to put in before tinkering with anything that needs such knowledge. It makes sense in the end, and it's easy to remember once understood.

> Perhaps
> lastexternal refers to the relay that connected to the last
> (outermost)

It's last, as in "last external before entering the internal network", not outermost looking from the spamfilter.

> internal_network while firsttrusted refers to the relay
> that connected to the outermost trusted_network?

That's how it's supposed to work.

> There's more name
> confusion here, too; "last" vs "first" depends on the direction you're
> looking: firsttrusted looks in the /opposite/ direction as
> lastexternal.

It's in the same direction, in the sense of the direction of the handovers.

> Why not have a flag for "not in trusted_networks" which would operate
> like the union of what we currently call -untrusted and -firsttrusted
> (or can I say 'mybl-untrusted-firsttrusted' ?) ... what would we call
> such a thing? -foreign perhaps?

I'm pretty sure that's the default. For something like Spamhaus SBL you don't specify any suffix at all.
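
The suffix semantics discussed in this thread, as an added example that is not part of the original message and is not SpamAssassin's own code: a simplified Python model of which relay IPs each suffix selects. The function names, the network ranges and the relay chain are constructed for illustration, and the model assumes a list of connecting-client IPs ordered newest hop first, with `internal_networks` a subset of `trusted_networks`.

```python
from ipaddress import ip_address, ip_network

def _in(ip, nets):
    return any(ip_address(ip) in ip_network(n) for n in nets)

def _beyond(relays, nets):
    """Hops from the first one outside `nets` onward (relays are newest first)."""
    for i, ip in enumerate(relays):
        if not _in(ip, nets):
            return relays[i:]
    return []

def select_ips(relays, trusted, internal, suffix=""):
    """Relay IPs a DNSBL set with this suffix would look up (simplified model)."""
    external = _beyond(relays, internal)   # everything outside internal_networks
    untrusted = _beyond(relays, trusted)   # everything outside trusted_networks
    if suffix == "-lastexternal":
        # last external hop before the mail entered the internal network
        return external[:1]
    if suffix == "-notfirsthop":
        # all external hops except the originating one; assumption: a lone
        # external hop is kept rather than dropped
        return external[:-1] if len(external) > 1 else external
    if suffix == "-firsttrusted":
        # the relay that connected to the outermost trusted relay; its IP was
        # recorded by a trusted host, so it cannot be forged
        return untrusted[:1]
    if suffix == "-untrusted":
        # hops behind that one, known only from possibly forged headers
        return untrusted[1:]
    if suffix == "":
        # no suffix: union of -firsttrusted and -untrusted
        return untrusted
    raise ValueError(f"unknown suffix {suffix!r}")

# Constructed sample: our own network, plus a forwarder we trust but do not run.
INTERNAL = ["10.0.0.0/8"]
TRUSTED = ["10.0.0.0/8", "198.51.100.0/24"]
RELAYS = [
    "10.0.0.5",      # our edge MX, handed the mail to the filter
    "198.51.100.7",  # trusted forwarder, connected to our edge MX
    "203.0.113.20",  # sender's smarthost, connected to the forwarder
    "192.0.2.99",    # originating IP (hotel or dialup)
]

if __name__ == "__main__":
    for sfx in ("", "-lastexternal", "-notfirsthop", "-firsttrusted", "-untrusted"):
        print(f"{sfx or '(none)':14} {select_ips(RELAYS, TRUSTED, INTERNAL, sfx)}")
```

With a trusted third-party forwarder in the path, `-lastexternal` and `-firsttrusted` select different hops even though both count in the direction of the handovers.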