I have known the reason why SA take the ip as a trusted ip.
When a mail whose authentication method is esmtp included the
received-header,
SA will take the ip as a trusted ip.
See the SpamAssassin/Message/Metadata/Received.pm:
# if we find authentication tokens in the received header we can
extend
# the trust boundary to that host
if ($relay->{auth}) {
dbg("received-header: authentication method ".$relay->{auth});
$inferred_as_trusted = 1;
}
Thank you all the way.
2013/11/29 Henrik K <h...@hege.li>
> On Fri, Nov 29, 2013 at 10:48:42AM +0800, ???? wrote:
> >
> > but I did not set any ip in the trusted_networks, why SA take the
> > 124.73.143.235 as a trusted ip?
>
> In what case not "trusting" internal ip would make sense? What is it that
> you are really trying to achieve?
>
> http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html
>
> internal_networks ip.add.re.ss[/mask] ... (default: none)
>
> "Every entry in internal_networks must appear in trusted_networks; in other
> words, internal_networks is always a subset of the trusted set."
>
>
