On Aug 12, 2011, at 5:49 AM, Mark Martinec wrote: > host/link/site -local IP addresses and private addressess are *not* > routable outside their scope. You can't receive/establish a TCP > session from such IP address from outside on your MX mailer.
I have no idea what networks you participate in, but my system is on a network where I can get RFC1918 addresses from as much as 8 hops away. I absolutely don't trust those addresses. > When analyzing a mail header (top to bottom), SpamAssassin > breaks a trust chain on encountering a 'received from' carrying > an IP address not in your trusted_networks. Anything beyond that > does not matter, further Received trace header fileds would > not be trusted even if they carry an IP address matching the > trusted_networks. For path detection, fine -- but that shouldn't be applied in places used by rules which allow relay, allow no-av-check, etc. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
