On Tue, Apr 6, 2010 at 2:13 PM, Kris Deugau <kdeu...@vianet.ca> wrote: > Royce Williams wrote: >> >> Some new information. In this 2008 thread: >> >> http://old.nabble.com/ALL_TRUSTED-and-DOS_OE_TO_MX-td15659736.html >> >> ... Daryl says: >> >> "So if (and I'll admit I don't think this occurred to me before) you're >> running SA on outgoing mail on your MSA right after you receive it (it's >> not relayed to an intermediate machine) SA can't detect the MSA and the >> whole msa_networks thing doesn't work." >> >> That is exactly our setup - our outbound servers are accepting mail >> from customers and handing them off to the world, not going through >> any other servers. Could this be the issue? > > Hmm. We have the same general setup, but we may be avoiding trouble because > our outbound scan is done while the SMTP transaction is in progress, and the > message SA sees does not have our MSA's Received: header yet. (Of course, > we then hit NO_RECEIVED and a collection of related tests, but none of them > score very high IIRC; have to check the specifics.)
We also scan before accepting (MIMEDefang), so that must not be the difference between us. Can anyone else speak to whether or not Daryl's observation -- about msa_networks not applying to MSAs that are at the email "border" -- is still in effect? Royce
