On Wed, Mar 19, 2008 at 08:08:01PM +0100, mouss wrote:
> Henrik K wrote:
>>
>> Inspired by this thread I submitted this, which should explain it:
>>
>> https://issues.apache.org/SpamAssass...ug.cgi?id=5856
>>
>>

>
> it's because you are trusting the ISP MSA. I am not. I only trust my ISP
> and my registrar MX. no MUA should talk to them.
>
> *-external wouldn't bring me anything, because I am already doing checks
> at the MTA level, so the zombie won't get to SA if it matches such
> rules. In particular, I reject non fqdn helo on the MX unconditionally
> (I know this may catch misconfigured sites, but I currently don't care).


You are missing the point. It doesn't matter if it's not bringing _you_
anything. The correct method is External. If you don't have any extra
trusted_networks set, it works identically no matter which you use. But for
those who want to do something that's documented and correct, it needs to be
External.