On Fri, Apr 02, 2010 at 01:45:57PM -0800, Royce Williams wrote: > What is the optimal configuration (local.cf or other) for an ISP's > MSAs to prevent unauthenticated dynamic-IP customers from triggering > dynamic tests, but still benefiting from general filtering? > > I was hoping for a magical 'mua_networks' option, which let me > enumerate the IP space that my users submit from, and automatically > exempt them from DOS_OE_TO_MX, etc., but I haven't been able to find > anything like that.
All dynamic rules look at external relays. So if you have SA on the relay that accepts mail from dynamic space, you need to include all that in internal_networks and disable ALL_TRUSTED since it would always hit. I think only other option is to manually disable all affected rules, which would be hard to maintain..
