Matt Kettler wrote:
At 10:17 AM 11/4/2004, Sean Doherty wrote:
> JMHO, but shouldn't all networks be considered untrusted unless a user > specifies otherwise?
I got to agree with you there - especially given that the inference algorithm doesn't work in every environment.
Unfortunately this only solves one aspect of the problem.
SA NEEDS to have the correct trust path.
Trusting nobody is just as bad as trusting everyone. Trusting nobody breaks whitelist_from_rcvd, for example.
This is all becoming very confusing about what effect the trusted networks code has on the rest of SA. Possibly I have not read the conf pages correctly.
"internal_networks ip.add.re.ss[/mask] ... (default: none)
If neither trusted_networks or internal_networks is set, no addresses will be considered local; in other words, any relays past the machine where SpamAssassin is running will be considered external."
And trusted?
"whitelist_from_rcvd [EMAIL PROTECTED] sourceforge.net
Note that this requires that internal_networks be correct. For
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
simple cases, it will be, but for a complex network, or running with DNS checks off or with -L, you may get better results by setting that parameter."
I'm confused here, if I set no trust params, then all networks are trusted by default. But if I trust no networks, then I cannot use whitelist_from_rcvd to define a trusted relay?
To me that says, in order to define a trusted relay via whitelist_from_rcvd, I first must trust ALL relays, or put all the relays I have in whitelist_from_rcvd into my trusted networks as well.
DAve
-- Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker!
