On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote: >>> On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: >>>> That is correct, SPF checks are applied to the first untrusted host >>> > >> Henrik K wrote: >>> Matt, you should know better. ;) It's first _external_ host. > > On Jun 20, 2008, at 3:54 AM, Matt Kettler wrote: >> Doh.. my bad. > > > Huh? How are you defining "external" in this context? What prevents me > from trusting an external hosts?
Nothing prevents you from trusting external hosts, you should do it as necessary. Here we go again.. internal_networks = internal/external trusted_networks = trusted/untrusted Both define borders which things are checked against. Internal is your "MX-border", against which SPF and RBL checks are made (all internal must be in trusted also). Trusted can expand further to prevent RBL checks against trusted hosts and allows kind of whitelisting with ALL_TRUSTED rule. http://wiki.apache.org/spamassassin/TrustPath PS. https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5856
