From: "kfx" <[email protected]>
On 3/8/11 9:09 AM, Giampaolo Tomassoni wrote:
Received: from famiglio
(host112-207-dynamic.8-79-r.retail.telecomitalia.it
[79.8.207.112]) (Authenticated sender: *******)
by c0.edlui.it (Postfix) with ESMTPA id 2AF86472390
for <[email protected]>; Mon, 7 Mar 2011 17:51:33 +0100 (CET)
this adds to the score !
What? Why?!? Which SA rule does it trigger?
RDNS_DYNAMIC on SA 3.2.5
The default score is very low and I raised it, so no worry :)
Mmmh. You shure it is that Received: which raises the RDNS_DYNAMIC ?
http://wiki.apache.org/spamassassin/Rules/RDNS_DYNAMIC
The "last untrusted relay" is not the last in the Received: list, but
instead the first in the list outside of the "ring of trust" you defined in
SA (internal_networks, trusted_networks, possibly even msa_networks).
Here I guess you trusted de.postfix.org , so the problem may be this:
Received: from c0.edlui.it (host242-201-149-62.serverdedicati.aruba.it
[62.149.201.242]) by de.postfix.org (Postfix) with ESMTP
for <[email protected]>; Mon, 7 Mar 2011 17:22:10 +0100 (CET)
Unfortunately:
1) 62.149.201.242 is static;
2) I can't change its rDNS to make it match c0.edlui.it.
Running it on my SA I get some score from STOX_REPLY_TYPE and
STOX_REPLY_TYPE_WITHOUT_QUOTES, because I was so silly to reply to an
announcement message in the new list and there rewrite the message from
scratch...
But that accounts for more or less 2.2 points (SA 3.3.1 with updated
ruleset)..
maybe the postfix at c0.edlui.it should remove this header (mainly for
privacy reason,
not only to make me continue to be lazy with my SA's config..)
/^Received:.*Authenticated sender:.*/ IGNORE
There is no privacy concern in this:
It may not be dramatic but this Received header gives the IP address of
the user and so his location when he sent this email (my boss asked me to
take it away...)
Well, right. But this is also a very useful information in order to detect a
spam source and not being tied with it. If you report a spam to SpamCop, in
example, and you have an account there which gives a bit of trust to your
mail server, the Received: you pointed out is the one SC uses to spot (and
possibly blacklist) the source. Otherwise, the source would instead be your
mail server, which is far worse!
Received: from famiglio
(host112-207-dynamic.8-79-r.retail.telecomitalia.it
[79.8.207.112]) (Authenticated sender: *****)
by c0.edlui.it (Postfix) with ESMTPA id 729A23A9162
for<[email protected]>; Tue, 8 Mar 2011 09:09:22 +0100 (CET)
But as Benny Pedersen said, if it breaks dkim it may not be a good idea.
I really need to revamp my conf... :)
Also, I recall that someone in the SA user list (or users list? ;) ) was
firmly suggesting to upgrade existing 3.2.x installations to 3.3.x. Can't
remember why, sorry.
Giampaolo
