On Fri, 15 Apr 2016 14:08:15 +0000 (UTC) Helmut Schneider wrote: > RW wrote: > > > On Fri, 15 Apr 2016 12:35:24 +0100 > > RW wrote: > > > > > On Fri, 15 Apr 2016 10:10:13 +0000 (UTC) > > > Helmut Schneider wrote: > > > > > > > Hi, > > > > > > > > when further investigating my issue that ALL_TRUSTED is always > > > > true I came along the following lines when debugging SA: > > > > > > > > ... > > > > Apr 15 11:44:43.213 mail /usr/sbin/amavisd-new[9991]: (09991-02) > > > > SA dbg: received-header: originating, 195.245.231.135 and > > > > remaining relays will be considered trusted, but no longer > > > > internal ... > > > > > > > > So SA correctly identifies an relay as external but still trusts > > > > the whole path. Why? > > > > > > It looks like it's being seen as mail submission. Do you have > > > msa_networks set? > > > > I had a look at the code, and it looks like that particular message > > with "but no longer internal" can only be be reached when a flag is > > set that asserts that the message was submitted. This causes the > > point at which trust would otherwise be broken to be treated as a > > submission server. > > msa_networks is not set.
It wont make any difference if amavisd is overriding SA's normal submission detection. > What does "submission" mean in this context? It's when a mail client submits outgoing mail to an mta. This should involve some form of authentication For some reason amavisd thinks that all of your mail is being submitted locally. SA is finding that it's ALL_TRUSTED because amavisd is telling SA that it is via the SA perl library interface.
