On Thu, 9 Jun 2016 06:50:55 -0700 (MST) jimimaseye wrote: > (Note: For clarity, the > https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html > link you provided IS the page I refer to when I say "reading the > wiki".) > > Ok, reading it again: it says > / > //"trusted_networks IPaddress[/masklen] ... (default: none)// > // > // What networks or hosts are 'trusted' in your setup. Trusted in > this case means that relay host</b>s on these networks are considered > to not be potentially operated by spammers, open relays, or open > proxies.// // MXes for your domain(s) and <b>internal relays > should also be specified using the internal_networks setting</b>. > When there are 'trusted' hosts that are not MXes or internal relays > for your domain(s) they should only be specified in > trusted_networks.// //.// > //.// > //Every entry in internal_networks must appear in trusted_networks; > in other words, internal_networks is always a subset of the trusted > set./" > > So that suggests I should have entered the 195.26.90. entry in both > trusted_networks AND internal_networks (rather than just > 'internal').
As I said, if you only set one, the other is implied to be the same. > Of course, I never did this. But I dont really > understand the point of putting it in both anyway if 'trusted' is > going to mean it is not going to be checked (whats the benefit of > stating it in internal?) trusted means that a server is trusted not to be spammer controlled, so you can rely on it not to forge headers. The edge of the internal network is used to find the relevant MX handover. In most cases SA can work out the internal/trusted networks for itself, where it can't it's usually not necessary, or advisable, to extent the trusted network beyond the internal network. It's only needed in some corner-cases involving multiple networks.
