On Fri, Jul 05, 2019 at 03:59:41PM +0000, David Jones wrote: > My understanding of the proposed X-Relay-Countries-MUA would be > identical to the current X-Relay-Countries except when there is an > authenticated MSA, then it would show the country code.
I've never even thought of this, since it doesn't make sense in my mind. Either there's MUA (Auth) or there isn't. > If you have > written the code (I haven't looked yet) for X-Relay-Countries-MUA to be > blank when the MUA is blank then I agree with you and I will have to > manage multiple sets of the same rules/scores checking each header. Such is life. There are many many more scenarios where one has to maintain many rules and scores. Things can be automated, documented, copypasted, etc. Normal stuff for operators. :-) > This logic could be designed to provide individual headers and other > headers for layers of boundaries. The layer approach could be very > useful for scoring differences using multipliers for higher, less > trusted sources. This is the latest documentation. If anyone wants to chime in, there's still little time, I don't want to debate after 3.4.3-rc4. X-Relay-Countries _RELAYCOUNTRY_ All untrusted relays. Contains all relays starting from the trusted_networks border. This method has been used by default since early SA versions. X-Relay-Countries-External _RELAYCOUNTRYEXT_ All external relays. Contains all relays starting from the internal_networks border. Could be useful in some cases when trusted/msa_networks extend beyond the internal border and those need to be checked too. X-Relay-Countries-All _RELAYCOUNTRYALL_ All possible relays (internal + external). X-Relay-Countries-Auth _RELAYCOUNTRYAUTH_ Auth will contain all relays starting from the first relay that used authentication. For example, this could be used to check for hacked local users coming in from unexpected countries.