On Mon, Apr 12, 2010 at 12:20 PM, Kris Deugau <kdeu...@vianet.ca> wrote:
> Royce Williams wrote:
>>
>> From the documentation, msa_networks designates those servers that
>> accept only authenticated messages, regardless of type. I'm the new
>> guy on the list, and have some catching up to do with learning how the
>> *_networks directives work, but the evidence is mounting that if MSAs
>> listed in msa_networks can't tell that they're in msa_networks, then
>> msa_networks does not work as documented.
>
> Can you provide a more detailed explanation of the system(s) that are
> misbehaving? I've got three different sets of servers with three different
> SA integration methods for outbound mail, and all three Do The Right
> Thing(TM) with the same *_networks settings.
>
> It sounds like you've got some factor interfering, but aside from DTDW
> ("Damn Thing Doesn't Work") errors telling us that *something* is broken,
> it's hard to see where the trust path is breaking down.
>
> I think from your 10/8 example you've got your head pretty much wrapped
> around the semantics of the configuration options (the only thing I would
> set differently would be to add services like Postini to internal_networks,
> because you want eg Spamhaus rules to trigger on the IP that relayed to
> Postini, not the Postini filter server IP).
Kris, Thanks for the feedback, generally and about my example. I will
try to do more sleuthing along the trust path and report back when I
have something definitive to say or get stuck.
I will also file a bug to suggest updates to the *_networks language
that is in direct contradiction to the advice in other parts of this
thread.
Royce
