Mark Martinec wrote:
SA already has some awareness of mail flow direction (inbound vs. outbound) through its trusted_networks/internal_networks/msa_networks settings, and recognizes authentication signs in Received header fields, as well as its whitelist_bounce_relays awareness, so it should be able to deal with things like DUL blacklists correctly. Since you already have split mail paths, i.e. a dedicated MTA for outgoing mail, that's even easier: you can just turn off some dynamic blacklist lookups and adjust some other rules for mail submitted from internal networks or from authenticated roaming users.
FWIW, with properly configured trusted_networks etc., I haven't seen anything more than noise-level problems (one or two oddities every few months; ~100K messages/day outbound). Some of that may be a higher spam threshold for AUTH'ed mail (8 vs 5) too.
-kgd
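
A sketch of what the settings discussed in this thread could look like in the `local.cf` of a SpamAssassin instance that scans only outgoing mail. This is an added example, not configuration posted by either participant. The addresses are documentation ranges, the hostname is a placeholder, and the choice of which DUL-style rules to zero and the instance-wide threshold of 8 are assumptions.

```conf
# Constructed example: local.cf for a dedicated outbound scanner.
# 192.0.2.0/24 and 198.51.100.25 are placeholder addresses.

# Relays trusted not to forge Received headers: your own hosts plus any
# outside relay you depend on (for example a partner-run secondary MX).
trusted_networks   192.0.2.0/24 198.51.100.25

# The subset of trusted relays that belongs to your organisation
# (MXes and internal relays). Must also be covered by trusted_networks.
internal_networks  192.0.2.0/24

# Submission host(s) that take mail from your own users. Mail handed to
# an MSA is treated as coming from a trusted source, so the client's
# dynamic or residential address is not held against it.
msa_networks       192.0.2.10

# Hostname(s) your outbound mail leaves through, so bounces generated for
# mail you really sent are recognised (placeholder name).
whitelist_bounce_relays  mail-out.example.org

# Outbound instance only: switch off dynamic/dial-up list rules instead
# of all DNSBL checks. A score of 0 stops the rule from being run.
score RCVD_IN_PBL        0
score RCVD_IN_SORBS_DUL  0

# Higher threshold for submitted mail, using the 8 vs 5 figure from the
# reply above (applied here to the whole outbound instance).
required_score 8.0
```

Running `spamassassin --lint` after editing confirms the file parses before the daemon is restarted.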