Hi Matt,

> > Do you see any problems (e.g. holes for spammers) with this logic?
>
> The only problem I see is split-DNS configurations where there's an
> internal server (ie: exchange) being used as the MX in the internal
> view. As a result, SpamAssassin might see a completely different host as
> the MX than the outside world.

You are right. I did not think about this but know that it is not an uncommon setup.

> Personally, I think a better way to go would be to have a config option
> that selects whether the first public is trusted or not. This way the
> end user could choose which of the two guessing methods to use.

Using the first public address is a good idea. It will help in most cases but not work with the following setups:

1. The ISP running the MX uses different servers for MX and storage or forwarding. The storage/forwarding server will be in the first public received line but not the real MX.
2. Use of public addresses in the local network (e.g. within a DMZ or because of misuse of public addresses)

I have especially seen case 1 at a lot of bigger ISPs. I'm still thinking how to fix it.

Kind regards,
Gerd
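The "first public address" guess discussed in this message, and the two setups where it picks the wrong host, as an added example that is not part of the original thread and not SpamAssassin's own code. The function names, the simplified Received parsing and the sample headers are assumptions constructed for illustration; documentation IP ranges stand in for public addresses.

```python
import ipaddress
import re

# Networks treated as "not public" here: RFC 1918 plus loopback (assumption).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Simplified "from <helo> ... [<ip>] ... by <host>" shape of a Received header.
RECEIVED_RE = re.compile(
    r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.S)

def is_public(ip):
    """True if ip is outside the private networks listed above."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in PRIVATE_NETS)

def guess_mx(received):
    """Walk Received headers newest-first and return the 'by' host of the
    first hop whose sending relay has a public IP (the guessed MX)."""
    for header in received:
        m = RECEIVED_RE.search(header)
        if m and is_public(m.group(2)):
            return m.group(3)
    return None

# Constructed sample: internal hops use private addresses, guess is correct.
NORMAL = [
    "from mx.example.org (mx.example.org [10.0.0.2]) by store.example.org",
    "from sender.example.net (sender.example.net [203.0.113.7]) by mx.example.org",
]
# Case 1: ISP MX and storage server are separate hosts with public addresses.
ISP_STORAGE = [
    "from mx.isp.example (mx.isp.example [198.51.100.5]) by store.isp.example",
    "from sender.example.net (sender.example.net [203.0.113.7]) by mx.isp.example",
]
# Case 2: a DMZ relay inside the local network uses a public address.
DMZ_PUBLIC = [
    "from dmz.example.org (dmz.example.org [198.51.100.20]) by store.example.org",
    "from mx.example.org (mx.example.org [10.0.0.2]) by dmz.example.org",
    "from sender.example.net (sender.example.net [203.0.113.7]) by mx.example.org",
]

if __name__ == "__main__":
    for name, hdrs in (("normal", NORMAL), ("case 1", ISP_STORAGE),
                       ("case 2", DMZ_PUBLIC)):
        print(name, "->", guess_mx(hdrs))
```

In both failure cases the guess stops one or more hops too early, so the line written by the real MX is never reached.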
