Henrik K writes:
> On Fri, Oct 24, 2008 at 11:35:20AM +0200, Matus UHLAR - fantomas wrote:
> >
> > it ALL depends on
> > - how much of trusted hosts you have and how much %spam are they relaying
> > - how much is your CPU/memory/network loaded with spam scanning
> >
> > You provided reasons why to do shortcircuit, I provided reasons why not
> > to...

>
> You provided a single reason ("you might get spam"), which was not very
> insightful.
>
> If some ALL_TRUSTED is sending lot of %spam, then your setup is faulty.
> Remove such bad hosts. It's not a reason not to use SC.
>
> By whitelisting (with SC), I want to make SURE I don't get any FPs from
> there. The possibility of FNs is much less serious.
>
> Of course you could skip SA completely, but it would require coding
> equivalent of all_trusted, whitelist_from_spf/dkim to somewhere else.


for what it's worth, it makes perfect sense to s/c on ALL_TRUSTED, in my
opinion. that's my recommended configuration.

whitelist_from_spf/dkim is a little trickier, since it means that those
network tests have to then run upfront, before any of the other tests. But
in a non-s/c configuration, they'll be run eventually anyway, so it
doesn't make much difference; it only makes a difference if you're already
using s/c with some other criteria.

But yes, your setup makes perfect sense, if you ask me.

--j.