On 7/5/19 9:09 AM, Bill Cole wrote: > On 5 Jul 2019, at 9:37, David Jones wrote: > >> For the sake of others, it would be beneficial if the default behavior >> of X-Relay-Countries changed to the X-Relay-Countries-MSA. > > Definitely not for 3.4.3. Preferably not at all. While I agree in > principle with having some way to trust machines as honest without > trusting their authentication systems to be bulletproof, that shouldn't > involve changing a useful stable feature in a way that will break > reasonable configurations. That change would cause substantial false > positives at some sites if deployed without carefully considered > preparation. It would be a poison pill for packagers who value stability. > >
I believe the only change would be the Relay-Countries value would have country codes in it. We aren't suggesting changing any other logic so the ALL_TRUSTED would still hit and RBLs would not be check on authenticated IPs. Is your concern the RBL checks on those authenticated IPs? -- David Jones
