Wow, I had a feeling I was opening a can of worms here. This is one area where I really feel the SA documentation could benefit by having some real world examples.
Right now I am just going with the one internal_networks set to the IP of my SA server. I'm not setting any trusted_networks. I figure there's no harm in not trusting anyone, right? Just a few extra CPU cycles while SA checks out all the IP addresses in the email. Or is there more impact than just that?

Skip

RW-15 wrote:
>
> On Sun, 12 Jul 2009 17:29:07 +0200 (CEST)
> "Benny Pedersen" <m...@junc.org> wrote:
>
>>
>> On Sun, July 12, 2009 16:21, RW wrote:
>> > Generally forwarders should go into your internal networks,
>>
>> no no, internal networks is your own wan ips nothing more, imho
>>
>> forwarders is trusted/msa
>
> If you do it that way SPF, XBL, DUL etc run against a server that's
> inside your trusted network and not against the responsible IP address.
>
>
>> > unless they rewrite the return-path
>>
>> why does this change ?
>
> Ideally you want SPF to run against the IP address that delivered to
> first MX server; and unless that MX server adds usable SPF headers, you
> need to put it into the internal network. If the forwarding server
> does Sender Rewriting, SA may not be able to get the original smtp
> "mail from" address, and you may want to use the trusted network
> instead to run SPF against the rewritten address.
>
>

--
View this message in context: http://www.nabble.com/trusted_networks-and-internal_networks-tp24448374p24451803.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
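
A simplified model of the boundary discussed in this thread, as an added example that is not part of any poster's message and is not SpamAssassin's own code. It assumes SPF and last-external DNSBL checks are run against the first relay outside internal_networks, and that internal hosts are also trusted; the function names and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

def _in(ip, nets):
    """True if ip falls inside any of the CIDR strings in nets."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)

def classify(relays, internal_networks, trusted_networks=()):
    """relays: connecting IPs taken from Received headers, newest first.

    Returns (last_external, first_untrusted):
      last_external   - first hop outside internal_networks; in this model
                        SPF and DUL-style lookups are run against it
      first_untrusted - first hop outside trusted + internal networks;
                        headers from here on are not believed
    """
    trusted = list(trusted_networks) + list(internal_networks)  # assumption
    last_external = first_untrusted = None
    for ip in relays:
        if last_external is None and not _in(ip, internal_networks):
            last_external = ip
        if first_untrusted is None and not _in(ip, trusted):
            first_untrusted = ip
    return last_external, first_untrusted

# Constructed path: own server hop, then a forwarder, then the original sender.
RELAYS = ["192.0.2.10", "198.51.100.5", "203.0.113.77"]
OWN = ["192.0.2.10/32"]
FORWARDER = ["198.51.100.5/32"]

def scenarios():
    return {
        # Only the SA server is internal, nothing else trusted.
        "own server only": classify(RELAYS, OWN),
        # Forwarder listed as trusted but not internal.
        "forwarder trusted": classify(RELAYS, OWN, FORWARDER),
        # Forwarder listed as internal.
        "forwarder internal": classify(RELAYS, OWN + FORWARDER),
    }

if __name__ == "__main__":
    for name, (ext, untrusted) in scenarios().items():
        print(f"{name:20} checks run against {ext}, untrusted from {untrusted}")
```

In the first two scenarios the checks land on the forwarder's address; only with the forwarder in internal_networks do they reach the original sender's address.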