You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Ben Wylie <sa...@benwylie.co.uk> on 2006/06/29 01:42:07 UTC

trusted networks

As i understand it, in trusted networks you want to have any ip or ip range that you trust to be reporting correctly the details of the server from which it received the email.

If this is the case, presumably it is good to have the main service provider servers in this list.

So if i know that Yahoo always correctly report the ip of the person they receive the email from, i want to trust yahoo servers.

Have i understood this correctly?

If so, is there a list somewhere of large email service providers which are reliably going to report the ip they receive an email from, along with their various server ip addresses or ip ranges?

Thanks
Ben

Re: trusted networks

Posted by Matt Kettler <mk...@comcast.net>.

Ben Wylie wrote:
> As i understand it, in trusted networks you want to have any ip or ip range that you trust to be reporting correctly the details of the server from which it received the email.
>
> If this is the case, presumably it is good to have the main service provider servers in this list.
>
> So if i know that Yahoo always correctly report the ip of the person they receive the email from, i want to trust yahoo servers.
>
> Have i understood this correctly?
>   
Yes, however there's another stipulation.. By default, if undeclared,
internal_networks will copy the values of trusted_networks.

You do NOT under ANY condition want another ISP's mailservers to be
internal. Thus, if you expand trusted_networks to include outside ISPs,
you must declare internal_networks.

Generally speaking, you're best off with just configuring
trusted_networks to contain your mailservers, and nobody elses.

After all, consider that if an email has only been touched by trusted
hosts, ALL_TRUSTED will fire and subtract 1.8 points off the score.

I may trust yahoo to report IPs correctly. However, I don't trust their
users at all. I'd not apply trusted_networks to yahoo's severs for this
reason.

> If so, is there a list somewhere of large email service providers which are reliably going to report the ip they receive an email from, along with their various server ip addresses or ip ranges?
>