On Tue, 17 Sep 2013 19:56:56 -0400 (EDT) Art Greenberg wrote: > I am running SA on my private mail server. Mail comes in directly for > one domain (using no-ip.com to get around a port block), and via > fetchmail for several others. I have listed the MXes at no-ip.com and > the ISP machines that fetchmail goes to as "trusted", and my (static) > domain IP as "internal". > > ... > > The "lastexternal" tests do list an untrusted IP, yet that IP is > deemed not appropriate to test. But the "firsttrusted" and other > tests do test that IP.
You need to put the ISP into your internal network for last-external tests to work. Ideally internal network should extend unbroken to all MX servers. If you have external-trusted servers beyond the internal network it's not possible to identify the MX handover, the trusted network may contain submission servers.
