Re: trusted networks

[Matt Kettler <mk...@comcast.net>]

Ross Boylan wrote:
> On Thu, 2006-06-29 at 19:52 -0400, Matt Kettler wrote:
>   
>> Ross Boylan wrote:
>>     
>>> On Thu, 2006-06-29 at 00:30 -0400, Matt Kettler wrote:
>>>
>>>   
>>>       
>>>> No, internal must never receive mail directly from a dialup node. SA
>>>> applies DUL RBLs and other such tests against hosts delivering mail to
>>>> internal hosts.
>>>>     
>>>>         
>>> I thought internal_hosts never get mail from DUL RBLs.  So why would SA
>>> check if that is happening?
>>>       
>> And why wouldn't they?
>>
>>     
> I thought DUL RBLs caught dial-up hosts, which seems to be the case
> according to
> http://www.ja.net/CERT/JANET-CERT/mail/mail-abuse/rbl-plus-guide.html.
>
> And I thought if a system received mail from such sources, it shouldn't
> go in internal_networks.
>   
First, a clarification:

I'm a little concerned that you're thinking of "internal" as meaning
"your internal lan"... internal to spamassassin means your entire
network. Including your MX (the server that receives mail from the
outside world).

Well, if a system is *INTENDED* to receive mail direct from DUL sources,
it should not go into internal_networks.

However, your MX is perfectly capable of getting mail direct from a
dialup node. But in general, your MX is NOT intended to get mail
directly from dialup nodes. It's intended that dialup users relay
through their ISP servers.

Som it's not that internal hosts never do get mail from dialup nodes, it
happens all the time. It's just that it's not supposed to, so that which
it does get is mostly spam.

SA checks for such things and considers it a strong spam sign. Very much
on purpose.