On Thu, Apr 08, 2010 at 06:31:37PM -0800, Royce Williams wrote:
> On Thu, Apr 8, 2010 at 5:13 PM, Henrik K <h...@hege.li> wrote:
> > On Thu, Apr 08, 2010 at 04:52:00PM -0800, Royce Williams wrote:
> >>
> >> Answering myself, I have reworked our *_networks to reflect our
> >> architecture based on my re-re-re-reading. Nobody has said that my
> >> example was broken (or was any good, for that matter), so I'm
> >> operating from that.
> >>
> >> With all possible interfaces included from my dedicated MSAs in
> >> msa_networks, my customers are still subject to IMG_DIRECT_TO_MX,
> >> FSL_HELO_NON_FQDN_1, RDNS_NONE, HELO_NO_DOMAIN, DOS_DIRECT_TO_MX,
> >> HELO_LOCALHOST, and the other "you look like an end user, not an MTA"
> >> rules.
> >>
> >> Either my example is fundamentally broken, or everybody else is
> >> already in there ripping and gripping rules anyway, and so don't mind
> >> maintaining a similar list.
> >>
> >> Since there's no FAQ entry for this, but the reading for understanding
> >> the problem is so dense, I'm starting to doubt my own sanity. :-)
> >
> > As said, these checks are made on the external border.
> >
> > Your example does not have MSAs defined as internal.
>
> By design. From the conf document:
>
> "Trusted relays that accept mail directly from dial-up connections
> should not be listed in internal_networks. List them only in
> trusted_networks."
>
> Is this incorrect?

It also states that msa_networks propagates those hosts' *_networks settings recursively. Which means the dial-ups will be internal too.