Matt Kettler wrote:
Ahh, but this can never happen over the open internet. When the NATed sender sends mail to your NATed server, the server will not see the mail as coming from 192.168/16. It will see the sender's public, post-NAT IP.
To put it more bluntly, the trusted_networks checks are only against the last (i.e. newest) Received: header IP addresses. So for your gateway to be receiving the SMTP connection, that Received: header would contain a real Internet IP address - or it was a connection from one of your own internally-NATted IP addresses - either way, the check should work.
I too was having difficulty with ALL_TRUSTED firing on incoming Internet mail a month ago, but it's all fixed now (I don't know if 3.0.1 fixed it? Can't remember).
BTW: I've set mine to
clear_trusted_networks
trusted_networks 127/8 172.30/12 10/8 192.168/16
...which should be the defaults anyway? Basically I just listed the official private IP address-spaces - they'll never be seen on incoming Internet connections.
--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
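
Added example (not part of the original thread and not SpamAssassin's own code): a simplified Python model of checking the relay IPs in Received: headers against the trusted_networks list quoted above. The header strings, host names and the rule that an empty relay list is never "all trusted" are assumptions made for this illustration.

```python
import ipaddress
import re

# Networks from the post's trusted_networks line, in its shorthand notation.
TRUSTED = ["127/8", "172.30/12", "10/8", "192.168/16"]

def expand(shorthand):
    """Turn shorthand such as '10/8' into an ip_network, zero-padding octets."""
    addr, prefix = shorthand.split("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    # strict=False masks off host bits, so 172.30/12 covers 172.16.0.0/12.
    return ipaddress.ip_network(".".join(octets) + "/" + prefix, strict=False)

NETS = [expand(n) for n in TRUSTED]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(received_headers):
    """Connecting IP (as text) from each Received: header, newest first."""
    found = (BRACKETED_IP.search(h) for h in received_headers)
    return [m.group(1) for m in found if m]

def is_trusted(ip_text):
    """True if the address falls inside any listed network."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in NETS)

def all_trusted(received_headers):
    """Model choice: needs at least one parsed relay, and all must be trusted."""
    ips = relay_ips(received_headers)
    return bool(ips) and all(is_trusted(ip) for ip in ips)

# Constructed sample headers, newest first. 203.0.113.25 is a documentation
# address standing in for the sender's public, post-NAT IP.
INTERNET_MAIL = [
    "from mail.example.org (mail.example.org [203.0.113.25]) by gw.example.com",
    "from desktop (unknown [192.168.1.20]) by mail.example.org",
]
INTERNAL_MAIL = [
    "from pc7 (pc7.lan [192.168.5.7]) by gw.example.com",
]

if __name__ == "__main__":
    print("internet mail all trusted:", all_trusted(INTERNET_MAIL))
    print("internal mail all trusted:", all_trusted(INTERNAL_MAIL))
```
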