Matt Kettler wrote:
Matt Kettler wrote:
Daryl C. W. O'Shea wrote:
I get now hints from the logfiles concerning a timeout,
my trusted/internal networks in local.cf are set as follwing
---------------------------
trusted_networks 80.123.XXX.XXX
trusted_networks 80.122.XXX.XXX
internal_networks 192.168.1.0/24
internal_networks 192.168.2.0/24
internal_networks 127.0.0.1
---------------------------
That doesn't pass a lint check, does it? If it does you're using a
really old version of SpamAssassin. If it doesn't it's because
internal_networks must also be trusted and if you're using 3.2,
127.0.0.1 is always trusted+internal (so it'll warn about it already
being configured).
Interesting.. How does 3.2 deal with a trusted MX that must accept mail
directly from dialup nodes without SMTP AUTH?
In older versions, you'd configure that server to be trusted but make it
not a member of internal_networks to avoid the DUL tests being applied
to it.
Nevermind.. I wrapped my brain around it backwards..
Yeah. FWIW, though, for net checks to be useful you always want your MX
to be trusted+internal. If your MX also acts as an MSA you'll still
want it to be trusted+internal and have your users use some sort of auth
that shows up in the Received header. If the relay is just an MSA, then
yeah, trusted and not internal is workable and possibly advisable
(although I'd use msa_networks instead).
Daryl
