Russ Ringer wrote:
> I think I did this a long time ago when I got scores lowered from
> ALL_TRUSTED. Nothing is trusted, it only gets mail from outside.

Bad admin, no biscuit..

"Nothing is trusted" is impossible in SA.

You *MUST* trust at least one host (your own server). In fact, it's impossible
to not trust any servers. If you don't declare your trusted_networks, SA will
try to guess what it should be.

After all, if you can't even trust yourself, you can't tell what is and is not
real. Most people refer to such a state as insanity.

Trust here has to do with trusting the Received: headers to be free of forgery.
A trusted host is not assumed to be "spam free", just operating in a normal
legitimate manner and accurately reporting the source IP for the mail in the
Received: header.

In general you should "trust no one (else)" but you need to at least trust your
own server to not commit acts of header forgery. SA works a whole lot better
when it knows which headers are trustworthy.






Reply via email to