This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

...

Assuming SpamAssassin is running on 'internal.example.com', and the TrustPath on that machine is set up to trust the DMZ machine 'dmz.example.com' at 150.51.53.1 (and also consider that internal using internal_networks), and a trustworthy external machine 'friend.example.com' at 212.17.35.14, this means that the message passed through the following relays:

  • Wiki Markup
    *Untrusted* source at evil.example.net \[144.137.3.98\]

  • Wiki Markup
    *Untrusted* relay at chaos.example.net \[210.73.88.134\]

  • Wiki Markup
    *Untrusted* relay at loser.example.org \[61.119.13.18\]

  • Wiki Markup
    *Untrusted* relay at notrust.example.com \[193.120.149.226\]

  • Wiki Markup
    *Trusted* relay at friend.example.com \[212.17.35.14\]

  • Wiki Markup
    *Trusted* and *internal* relay at dmz.example.com \[150.51.53.1\]

  • Wiki Markup
    *Trusted* and *internal* localhost handover at internal.example.com \[127.0.0.1\]
    \\

A side note: the header lines for 'evil', 'chaos', and 'loser' could all be faked, for all we know, since who knows if an untrusted host is running legitimate MTA software, or is under the control of a spammer? Therefore, it's unwise to trust things you find in untrusted headers. (One exception to this is discussed at the end of this article.)

...