Hi, consider the following mail setup:

sender -> ISP -> customer mailserver (running SA)

Currently the ISP's mail server isn't automatically added to trusted_networks; this has to be done manually. Wouldn't it make sense to determine the MX hosts of the target domain via DNS and dynamically add them to trusted_networks?

How about the following setup:

sender -> ISP-MX -> ISP-forwarding server -> customer mailserver (running SA)

In this case the ISP's forwarding server will not be within trusted_networks and the trust chain breaks. How about additionally trusting all Received headers until one of the MXs for the domain appears for the first time?

Do you see any problems (e.g. holes for spammers) with this logic? Do you think this will help reduce the need to configure trusted_networks by hand?

Kind regards,
Gerd
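
The rule proposed above, written out as an added example (not part of the original post and not SpamAssassin code): walk the Received headers from newest to oldest and treat every hop as trusted up to and including the first one written by an MX of the domain. The host names, the sample message and the function names are constructed for illustration; the MX list is passed in rather than looked up in DNS, and hops are matched by the name in the `by` clause, whereas trusted_networks itself is configured with IP addresses.

```python
import re
from email import message_from_string

# Constructed sample: sender -> ISP-MX -> ISP forwarder -> customer server.
# All host names and addresses are made up (example domains, RFC 5737 ranges).
SAMPLE = """\
Received: from fwd.isp.example (fwd.isp.example [192.0.2.20])
\tby mail.customer.example with ESMTP; Mon, 1 Jan 2024 10:00:03 +0000
Received: from mx1.isp.example (mx1.isp.example [192.0.2.10])
\tby fwd.isp.example with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from client.sender.example (client.sender.example [198.51.100.7])
\tby mx1.isp.example with ESMTP; Mon, 1 Jan 2024 10:00:01 +0000
Received: from localhost by client.sender.example; Mon, 1 Jan 2024 10:00:00 +0000
From: a@sender.example
To: b@customer.example
Subject: test

body
"""

# "from <host> ... by <host>" as written by the relay that added the header.
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)

def parse_hops(raw):
    """Return [(from_host, by_host), ...] for each Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append((m.group(1).lower(), m.group(2).rstrip(";.").lower()))
    return hops

def trust_boundary(raw, mx_hosts):
    """Apply the proposed rule to one message.

    Returns (trusted_relays, first_external_host), or None when no MX of the
    domain shows up in the chain, in which case the boundary is unknown and
    manual trusted_networks configuration is still needed.
    """
    mx = {h.lower().rstrip(".") for h in mx_hosts}
    trusted = []
    for from_host, by_host in parse_hops(raw):
        trusted.append(by_host)
        if by_host in mx:          # first MX seen: the chain of trust ends here
            return trusted, from_host
    return None
```
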
