On Fri, Jun 26, 2015, at 01:23 PM, RW wrote: > They shouldn't be trusted unless there is a chain of trust. They don't > matter anyway since they are from the original relay before the email > was forwarded.
I thought that 'chain of trust' was established by their inclusion in the internal_networks/trusted_networks. Apparently not ... What's the correct means/place to establish that chain of trust? If they "don't matter anyway" since they're from prior hop, should they not be ignored, rather than parsed & identified as untrusted? > > internal_networks 127.0.0.0/8 192.168.1.100/24 > > 192.168.2.100/24 X.X.X.142/32 X.X.X.143/32 > > trusted_networks 192.168.1.100/24 192.168.2.100/24 > > X.X.X.142/32 X.X.X.143/32 66.111.4.0/24 82.221.106.240/29 > > > X-Spam-Relays-Untrusted: > > [ ip=66.111.4.29 rdns=out5-smtp.messagingengine.com > > helo=out5-smtp.messagingengine.com > What's actually odd here is that 66.111.4.29 is in 66.111.4.0/24 and so > should be trusted. Well, now, that's a good point. I hadn't yet looked past the other problem ...
