Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2007/01/02 18:29:46 UTC
Re: localhost bypass?
Matt Kettler writes:
> Sander Holthaus wrote:
> > Jason Faulkner wrote:
> > >>> trusted_networks 127.0.0.1
> > >>> internal_networks 127.0.0.1
> > >>>
> > >> trusted_networks is *NOT* a whitelist. Do NOT try to use it as one. EVER.
> > >>
> > > I'm confused as to what you mean by this. I'm using these in my
> > > environment, and they do a good job of making sure that mail relayed
> > > through my internal networks doesn't get marked as spam.
> >
> > I'm not sure about that either, but I would say that in many
> > environments, 127.0.0.1 belongs to both the trusted and internal
> > networks. In fact, it is hard to imagine an environment where
> > 127.0.0.1 is neither trusted nor internal, as it is the host running
> > spamassassin or it refers to an external trusted host.
>
> I'm not saying 127.0.0.1 doesn't belong in internal/trusted networks.
>
> I'm saying don't expect to whitelist a host by adding it to either.
>
> trusted_networks is NOT a whitelist.
> internal_networks is NOT a whitelist.
>
> Now, properly used they can have a significant impact on how your SA
> scores mail, but too few hosts here is just as bad as too many.
>
> Therefore, DO NOT try to use these settings as a whitelist. Configure
> them to match your network topology, not your whitelist desires.
To be honest, I intended them as a whitelist ;)
If a message never touched an untrusted host (ALL_TRUSTED), in
a correctly-configured trust setup, is that not safe to whitelist?
--j.
Re: localhost bypass?
Posted by "Thomas S. Crum" <ts...@aaawebsolution.com>.
Then isn't it unnecessary/redundant to send it through SA at all?
On Tue, 2007-01-02 at 17:29 +0000, Justin Mason wrote:
>
> To be honest, I intended them as a whitelist ;)
>
> If a message never touched an untrusted host (ALL_TRUSTED), in
> a correctly-configured trust setup, is that not safe to whitelist?
>
> --j.
Re: localhost bypass?
Posted by Matt Kettler <mk...@verizon.net>.
Justin Mason wrote:
> To be honest, I intended them as a whitelist ;)
>
> If a message never touched an untrusted host (ALL_TRUSTED), in
> a correctly-configured trust setup, is that not safe to whitelist?
>
>
Only if the trust-path auto-detector code works perfectly, for all
sites. Which is impossible.
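
The point made in the thread, that trusted_networks has to match the network topology and that too few entries are as harmful as too many, can be seen in a simplified model of a trust-path walk over Received headers. This is an added example, not part of the thread and not SpamAssassin's own code; the function names, the reduced header format and all addresses are constructed assumptions.

```python
import ipaddress
import re

# Simplified model (assumption): each Received header is reduced to the
# bracketed IPv4 address of the relay that handed the message over.
RELAY_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def split_relays(received_headers, trusted_networks):
    """Walk headers newest-first. Trust ends at the first relay outside
    trusted_networks; every older header is then untrusted too, because
    an untrusted host could have written it."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    trusted, untrusted = [], []
    for header in received_headers:
        m = RELAY_IP.search(header)
        if not m:
            continue  # the model skips headers it cannot parse
        ip = ipaddress.ip_address(m.group(1))
        if not untrusted and any(ip in net for net in nets):
            trusted.append(str(ip))
        else:
            untrusted.append(str(ip))
    return trusted, untrusted

def all_trusted(received_headers, trusted_networks):
    """True when at least one relay was seen and none was untrusted."""
    trusted, untrusted = split_relays(received_headers, trusted_networks)
    return bool(trusted) and not untrusted

# Constructed sample headers, newest first.
INTERNAL_MAIL = [
    "from mx1.example.org ([10.0.0.5]) by mail.example.org",
    "from desktop.example.org ([10.0.1.23]) by mx1.example.org",
]
EXTERNAL_MAIL = [
    "from mx1.example.org ([10.0.0.5]) by mail.example.org",
    "from sender.example.net ([198.51.100.7]) by mx1.example.org",
    "from localhost ([127.0.0.1]) by sender.example.net",
]

TOPOLOGY = ["127.0.0.0/8", "10.0.0.0/8"]       # matches the constructed network
TOO_FEW = ["127.0.0.1"]                        # internal relays left out
TOO_MANY = TOPOLOGY + ["198.51.100.0/24"]      # an outside network listed

if __name__ == "__main__":
    for name, nets in [("topology", TOPOLOGY), ("too few", TOO_FEW), ("too many", TOO_MANY)]:
        print(name, all_trusted(INTERNAL_MAIL, nets), all_trusted(EXTERNAL_MAIL, nets))
```
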