pilot error? or idiots at microsoft?

Mark Martinec Mark.Martinec+amavis at ijs.si
Fri Aug 12 16:49:44 CEST 2011


> in fact, any connection to amavis from 169* would be
> strange... unless your laptop also did not get a good ip and pulled a
> 169* address.

Yes. It would be unusual, although not impossible.
Possible only when both were connected to the same LAN segment
and the MTA's interface would have an 192.168.x.x address configured
as an alias - highly unlikely.

> in SA default 'local.cf'  I think they have internal_networks 192.168/16
> 10/8 172.16/12.  might need 169.254/16.
> this doesn't give the internal network the right to relay, and, most
> installs will override internal_* and trusted* with their outbound mail
> server ip's, and you still have to set the mynets up in amavisd to
> include/not include 169*.
> but, given this discussion, I think Ill post a bugzilla to SA.
> internal_networks don't trigger DCC, PYZON,RAZOR, SPF or RBL checks.
> > It is exactly the same argument why one can and should safely
> > include the in the trusted_networks list. The same
> > applies to private address ranges and link-local address space.
> i think SA from (3.2* onward include by default?) it you put
> it it yourself, you get a lint warning:
>   warn: netset: cannot include as it has already been included

I think it was a mistake to put in the list by default but not
other private and local address ranges. And even a bigger mistake to
issue a warning when one tries to explicitly add the to the list.
But this is merely an aestetical / user experience topic. One should list
all private and scoped address ranges, keeping in mind that
is already included, and that failing to list some private address range
which is not used within an organization does no harm.

> so, question begs:  I think this is in default local.cf:
> grep networks local.cf
> internal_networks  192.168/16 172.16/12 10/8
> should SA add 169.254/8 by default for completeness?

As documented, the and ::1 are the address ranges
that are always automatically included in internal_networks
and trusted_networks. Anything beyond that comes from
your local.cf file. There are no other defaults. The local.cf
that comes with a distribution is merely an example file,
one should check it out and adjust according to a local setup.

If 192.168/16 were to be included by default, so should the, and, as well as scoped IPv6
addresses. I don't think there is a need for that. I'd even exclude the
current default, but making such a change now would add to confusion.


More information about the amavis-users mailing list