Carlos, > On my Postfix server, when my co-workers VPN from their laptops from > home, they then send mail via Outlook and their ISP IP address. When > the message gets to it's recipient, it's marked ***SPAM*** by SA. > User's are complaining that email from internal users are being marked > as 'spam' and they don't know why. When I check the message source, I > can see that the user is connected to their personal ISP > (tampabay.res.rr.com in this case) to tunnel / VPN in and send mail > from their work account. My question is what can I fix to eliminate > this confusion for my co-workers w/o compromising actual spam to get > through? If this is good normal behavior from SA / Postfix, then I > will leave it alone based on your expect recommendations however if > you think I can tune Postfix / SA to handle mail better, I would > greatly appreciate any suggestions. I see below in the headers that > the message is being tagged as spam due to parameters that are typical > or big ISP's.
I believe the cleanest solution is to split mail submission mailer (MSA) from a MX (receiving inbound mail). It is not necessary to have two separate hosts for that, it suffices to have two IP addresses. The key point here is that a MSA only accepts mail from your own users, authenticated one way or the other (by an IP address, by SASL, by TLS certs, by POP-before-SMTP, by ssh/vpn, ...). Such setup makes two things possible: - by specifying the MSA IP address in SpamAssassin's 'msa_networks' you solve the RCVD_IN_SORBS_DUL and similar rules false positives; - it allows amavisd to treat mail from your own users differently from the rest, e.g. add DKIM signatures, disclaimers, use less strict banning rules or higher spam thresholds, ... This is achieved by letting mail coming from a MSA be fed to a dedicated TCP port in amavisd, to which an 'ORIGINATING' policy bank can be attached. Mark ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
