Royce Williams wrote:
From the documentation, msa_networks designates those servers that accept only authenticated messages, regardless of type. I'm the new guy on the list, and have some catching up to do with learning how the *_networks directives work, but the evidence is mounting that if MSAs listed in msa_networks can't tell that they're in msa_networks, then msa_networks does not work as documented.
Can you provide a more detailed explanation of the system(s) that are misbehaving? I've got three different sets of servers with three different SA integration methods for outbound mail, and all three Do The Right Thing(TM) with the same *_networks settings.
It sounds like you've got some factor interfering, but aside from DTDW ("Damn Thing Doesn't Work") errors telling us that *something* is broken, it's hard to see where the trust path is breaking down.
I think from your 10/8 example you've got your head pretty much wrapped around the semantics of the configuration options (the only thing I would set differently would be to add services like Postini to internal_networks, because you want eg Spamhaus rules to trigger on the IP that relayed to Postini, not the Postini filter server IP).
-kgd
