On Fri, 16 Sep 2011 15:57:42 +0200 Matus UHLAR - fantomas wrote: > Hello, > > iiuc, the msa_networks was created to explicitly tell SA that mail > was authenticated.
When something relays through a server in msa_networks, anything before that inherits its trusted/internal network status. This prevents SA from inferring an MX handover into the internal network, and consequently it can't run MX specific tests that are mostly inappropriate for a mail client. > Is there a locical difference betwen mail authenticated by MSA in > msa_networks and mail authenticated locally, or by internal relay? > > I mean, do we trust host in msa_networks more than host that > authticated locally, so we don't check in RBLs and HELO strings for > host in msa_networks, but we do if a user authenticated locally > (which should be in fact the same as if user authenticated there)? Detecting authentication is a fallback for when msa_networks can't be used, or is incomplete. SA records authentication information, but it's up to each individual test to use that information sensibly. > Should I add "msa_networks 0/0" on our own MSA that authenticates all > users? You put the msa ip addresses in msa_networks, but for it to work SA has to be able to see the address in a received header.
