Michael,

> in fact, any connection to amavis from 169* would be
> strange... unless your laptop also did not get a good ip and pulled a
> 169* address.

Yes. It would be unusual, although not impossible. Possible only when both were connected to the same LAN segment and the MTA's interface would have a 192.168.x.x address configured as an alias - highly unlikely.

> in SA default 'local.cf' I think they have internal_networks 192.168/16
> 10/8 172.16/12. might need 169.254/16.
>
> this doesn't give the internal network the right to relay, and, most
> installs will override internal_* and trusted* with their outbound mail
> server ip's, and you still have to set the mynets up in amavisd to
> include/not include 169*.
>
> but, given this discussion, I think I'll post a bugzilla to SA.
> internal_networks don't trigger DCC, PYZOR, RAZOR, SPF or RBL checks.
>
> > It is exactly the same argument why one can and should safely
> > include the 127.0.0.0/8 in the trusted_networks list. The same
> > applies to private address ranges and link-local address space.
>
> i think SA from (3.2* onward include 127.0.0.0/8 by default?) if you put
> it in yourself, you get a lint warning:
> warn: netset: cannot include 127.0.0.0/8 as it has already been included

I think it was a mistake to put 127.0.0.0/8 in the list by default but not other private and local address ranges. And even a bigger mistake to issue a warning when one tries to explicitly add the 127.0.0.0/8 to the list. But this is merely an aesthetic / user experience topic. One should list all private and scoped address ranges, keeping in mind that 127.0.0.0/8 is already included, and that failing to list some private address range which is not used within an organization does no harm.

> so, question begs: I think this is in default local.cf:
>
> grep networks local.cf
> internal_networks 192.168/16 172.16/12 10/8
>
> should SA add 169.254/8 by default for completeness?

As documented, the 127.0.0.0/8 and ::1 are the address ranges that are always automatically included in internal_networks and trusted_networks. Anything beyond that comes from your local.cf file. There are no other defaults. The local.cf that comes with a distribution is merely an example file, one should check it out and adjust according to a local setup. If 192.168/16 were to be included by default, so should the 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, as well as scoped IPv6 addresses. I don't think there is a need for that. I'd even exclude the current default, but making such a change now would add to confusion.

Mark
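
An added example, not part of the message above and not SpamAssassin code: a small Python check that reads `internal_networks` lines from a local.cf, adds the two always-included ranges the message names, and reports which private or link-local IPv4 ranges from the thread are still unlisted. The function names and the sample file are constructed for illustration, and the zero-padding of shorthand such as `192.168/16` is an assumption about how that notation expands.

```python
import ipaddress

# Always included automatically, as stated in the message above.
IMPLICIT = ["127.0.0.0/8", "::1/128"]
# Private and link-local IPv4 ranges discussed in the thread.
PRIVATE_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16"]

# Constructed sample: the local.cf line quoted in the thread.
SAMPLE_CONF = """\
# example local.cf
internal_networks 192.168/16 172.16/12 10/8
"""

def parse_net(token):
    """Expand shorthand such as 192.168/16 (assumed: missing octets are zero)."""
    addr, _, mask = token.partition("/")
    if ":" not in addr:  # IPv4: pad to four octets
        octets = addr.rstrip(".").split(".")
        if not mask:
            mask = str(8 * len(octets))  # assumption: mask follows octet count
        addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{mask}" if mask else addr, strict=False)

def internal_networks(conf_text):
    """Return the implicit ranges plus everything listed in conf_text."""
    nets = [ipaddress.ip_network(n) for n in IMPLICIT]
    for line in conf_text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0] == "internal_networks":
            # Exclusion entries (leading '!') are ignored in this check.
            nets += [parse_net(w) for w in words[1:] if not w.startswith("!")]
    return nets

def uncovered(conf_text):
    """Private/link-local ranges not contained in any configured network."""
    nets = internal_networks(conf_text)
    missing = []
    for r in PRIVATE_RANGES:
        rng = ipaddress.ip_network(r)
        if not any(n.version == rng.version and rng.subnet_of(n) for n in nets):
            missing.append(r)
    return missing

def is_internal(ip, conf_text):
    """True if ip falls inside a configured or implicit internal network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in internal_networks(conf_text))

if __name__ == "__main__":
    print("not listed:", uncovered(SAMPLE_CONF))
```
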
