On Sat, 3 Apr 2010 10:24:43 -0800 Royce Williams <royce.willi...@gmail.com> wrote:
> > Putting the address ranges into internal_networks is what you do if
> > you *don't* have separate MSAs and MX servers. Otherwise you
> > put the MSAs into msa_networks and internal_networks. Anything that
> > connects to a server in msa_networks inherits the internal/trusted
> > status of the msa.
>
> My understanding is that if my own dynamics inherit the MSA's
> internal/trusted status, then the headers added by those hosts are
> assumed to be genuine. That's a behavior I'm trying to avoid.

That's the behaviour you want. If everything is internal, there's
nothing to run the tests against.

> Maybe I'm misunderstanding some rule fundamentals. Some rules are
> designed to detect MUAs, but don't appear to be affected by the
> contents of msa_networks. Examples are the Outlook-detecting rules
> like DOS_OE_TO_MX, ...

DOS_OE_TO_MX depends on __DOS_SINGLE_EXT_RELAY which is looking for one
"[...]" block in Relays-External, which should be empty.

Do you have your MSAs in msa_networks, internal_networks and
trusted_networks? If you do, and you have a non-null Relays-External,
you've probably found a bug.
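
Added example, not part of the original message and not SpamAssassin's own code: a simplified Python model of the inheritance rule described in the reply, covering only the internal/external split. The function names, the hop order (newest first) and the addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import ipaddress


def in_nets(ip, nets):
    """True if ip falls inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)


def split_relays(relays, internal_networks, msa_networks):
    """Split relay IPs (newest hop first) into (internal, external).

    Simplified model: a hop is internal while every hop so far is in
    internal_networks; once a hop matches msa_networks, all earlier
    hops inherit that MSA's status.
    """
    internal, external = [], []
    still_internal = True
    inherited = False
    for ip in relays:
        if not inherited and still_internal and not in_nets(ip, internal_networks):
            still_internal = False  # first non-internal hop ends the internal run
        (internal if still_internal else external).append(ip)
        if in_nets(ip, msa_networks):
            inherited = True  # hops behind the MSA take on its status
    return internal, external


def single_external_relay(external):
    """The condition the reply attributes to __DOS_SINGLE_EXT_RELAY:
    exactly one relay block in Relays-External."""
    return len(external) == 1


# Constructed sample: MX <- MSA (192.0.2.25) <- dynamic client (198.51.100.77)
RELAYS = ["192.0.2.25", "198.51.100.77"]
INTERNAL = ["192.0.2.0/24"]

if __name__ == "__main__":
    for label, msa in (("MSA in msa_networks", ["192.0.2.25"]),
                       ("msa_networks empty", [])):
        internal, external = split_relays(RELAYS, INTERNAL, msa)
        print(f"{label}: internal={internal} external={external} "
              f"single_ext_relay={single_external_relay(external)}")
```

With the MSA listed in msa_networks the external list is empty, so the single-external-relay condition cannot match; with msa_networks empty the client hop is the one external relay.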