http://bugzilla.spamassassin.org/show_bug.cgi?id=2537
------- Additional Comments From [EMAIL PROTECTED] 2004-02-27 08:32 ------- Subject: Re: dialup dnsbl's don't skip first hop, even when told to At 11:16 AM 2/27/2004, [EMAIL PROTECTED] wrote: >If I've encountered 2 different cases where this doesn't work well, how many >others are there? This seems to be the same type of case as my first one, but >in this case there's no way to add the dynamic dsl to trusted_networks, since >it's not really trusted, nor in my network control. You should definitely NOT add the dsl IP to your trusted_networks. That's not the problem, and adding it won't fix the actual problem you have. Your problem is that SA is incorrectly determining the trust path for your systems. SA attempts to figure out which server in the Received: chain is the start of your network border. Sometimes the information in your headers confuses it. Rather than stopping at your own mailserver, it winds up deciding that "your" mailserver is actually the DSL ISP's server. Since it thinks that server is your network border, it winds up seeing that a DSL machine directly delivered mail to it, and thus declares the message to be directly delivered to your network from a DSL client. Causes of the confusion vary.. usually it's due to NATed or multi-interfaced mailservers on your end (xanadu.evi-inc.com sufferes from this due to NATing) Try putting just your server's own IP address in trusted_networks.. no other hosts. It is especially important to not have any IP addresses belonging to the DSL ISP's mailservers, or any of the IPs of machines not in your network in your trusted_networks. Adding IPs outside of your network worsens the problem, and doesn't fix it, because your problem isn't likely due to lack of trust, it's too much trust resulting from the failure of the automatic trust-path code. A lot of people get confused by this whole problem and think that the proposed solution involves trusting more hosts.. It doesn't. it involves forcing SA to trust your hosts, and only your hosts, in a manner which can't fail due to mis-detection of automated settings. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
