On 19 Apr 2021, at 8:42, Simon Wilson wrote:
Yes, my trusted_networks, internal_networks and msa_networks
are all set correctly... I had a long discussion with this
mailing list on the subject last year and got excellent help
on resolving that! :)
On 19.04.21 09:17, Bill Cole wrote:
Then the most direct tactic would be to modify
KAM_DMARC_REJECT to not hit if ALL_TRUSTED is hit.
On 19 Apr 2021, at 9:26, Matus UHLAR - fantomas wrote:
that would cause problems if you set up trusted_servers to any
foreign server
you trust not to fake headers.
On 19.04.21 09:46, Bill Cole wrote:
A valid point.
That raises the question of why we don't have an ALL_INTERNAL rule.
On 19 Apr 2021, at 11:05, Matus UHLAR - fantomas wrote:
&& __LAST_EXTERNAL_RELAY_NO_AUTH
should do that.
On 19.04.21 11:11, Bill Cole wrote:
I don't think that works if X-Spam-Relays-External is empty, i.e. all
relays are internal.
I understand this as:
if mail was received by internal relay unauthenticated, it's external, and
therefore, should be subject to DMARC checks.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901
