(Note: For clarity, the https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html link you provided IS the page I refer to when I say "reading the wiki".)
Ok, reading it again: it says / //"trusted_networks IPaddress[/masklen] ... (default: none)// // // What networks or hosts are 'trusted' in your setup. Trusted in this case means that relay host</b>s on these networks are considered to not be potentially operated by spammers, open relays, or open proxies.// // MXes for your domain(s) and <b>internal relays should also be specified using the internal_networks setting</b>. When there are 'trusted' hosts that are not MXes or internal relays for your domain(s) they should only be specified in trusted_networks.// //.// //.// //Every entry in internal_networks must appear in trusted_networks; in other words, internal_networks is always a subset of the trusted set./" So that suggests I should have entered the 195.26.90. entry in both trusted_networks AND internal_networks (rather than just 'internal'). Of course, I never did this. But I dont really understand the point of putting it in both anyway if 'trusted' is going to mean it is not going to be checked (whats the benefit of stating it in internal?) It then goes on to say /"This value is used when checking 'dial-up' or dynamic IP address blocklists, in order to detect direct-to-MX spamming."/ But doing this has proven it does NOTHING (as this is what I was doing) as long as there was a 'trusted_networks' option with a value in it. And then, it would only be adhered to if the trusted was removed, at which point the 'internal_networks' became the "trusted" range. And this confirms this: /"If trusted_networks is not set and internal_networks is, the value of internal_networks will be used for this parameter."/ So to summarise: * 'internals' MUST be also quoted in TRUSTED (this is the only thing that makes them exempt) * 'internals' entries are not trusted/exempt from checking unless they appear either in TRUSTED or in an INTERNAL_NETWORK with no 'trusted_network' entry in config. * if a 'trusted' entry section exists in config, the 'internals' entries are there for...?? Who knows. CONCLUSION: it was working as the book says (even though the book is not clear WHY the book says what it says). -- View this message in context: http://spamassassin.1065346.n5.nabble.com/Advice-why-one-relay-evaluated-and-not-the-other-tp121145p121223.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
