On Thu, Apr 8, 2010 at 5:13 PM, Henrik K <h...@hege.li> wrote: > On Thu, Apr 08, 2010 at 04:52:00PM -0800, Royce Williams wrote: >> >> Answering myself, I have reworked our *_networks to reflect our >> architecture based on my re-re-re-reading. Nobody has said that my >> example was broken (or was any good, for that matter), so I'm >> operating from that. >> >> With all possible interfaces included from my dedicate MSAs in >> msa_networks, my customers are still subject to IMG_DIRECT_TO_MX, >> FSL_HELO_NON_FQDN_1, RDNS_NONE, HELO_NO_DOMAIN, DOS_DIRECT_TO_MX, >> HELO_LOCALHOST, and the other "you look like an end user, not an MTA" >> rules. >> >> Either my example is fundamentally broken, or everybody else is >> already in there ripping and gripping rules anyway, and so don't mind >> maintaining a similar list. >> >> Since there's no FAQ entry for this, but the reading for understanding >> the problem is so dense, I'm starting to doubt my own sanity. :-) > > As said, these checks are made on the external border. > > Your example does not have MSAs defined as internal.
By design. From the conf document: "Trusted relays that accept mail directly from dial-up connections should not be listed in internal_networks. List them only in trusted_networks." Is this incorrect? Royce
