On Tue, 11 Sep 2012, Noel Butler wrote:
On Mon, 2012-09-10 at 18:34 +0000, Helmut Schneider wrote:
If I understood you correctly I'd need to add all relays of MessageLabs
to trusted_networks and also track any IP address changes...
I wouldn't.
I've seen multiple spam from messagelabs
Multiple spams _sent by_ MessageLabs, or multiple spams that they did not
catch and block? If the latter, that's no reason not to add them to
trusted_networks.
trusted_networks is for hosts you trust not to forge headers, not for
hosts you trust not to originate or forward spam. I don't think
MessageLabs would forge headers on mail they process for you under
contract.
I apologize for my earlier suggestion, it was off-the-cuff; yes, if you
use MessageLabs to process your inbound mail it does make sense to extend
trust to them so that you do DNSBL and other checks on the host that
delivers mail _to them_ rather than performing those checks against the
MessageLabs hosts.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Taking my gun away because I *might* shoot someone is like cutting
my tongue out because I *might* yell "Fire!" in a crowded theater.
-- Peter Venetoklis
-----------------------------------------------------------------------
Tomorrow: the 11st anniversary of 9/11
