https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5941
--- Comment #9 from Tom Fernandes <[EMAIL PROTECTED]> 2008-08-03 08:01:38 PST --- After reading in lib/Mail/SpamAssassin/Message/Metadata/Received.pm and doing some tests I think that the issue is that my SMTP-AUTH with the GMX SMTP server is not recognized by SA. AFAICT there is nothing in GMXs received headers where SA can tell from that I've been authenticating with GMX before sending my mail. It looks like GMX adds the "X-Authenticated" header for that but SA can't rely on that as it can be easily forged. When I modify GMXs received header in the mail manually (switch SMTP with ASMTP) and the according part in Received.pm (the line where GMXs mailserver is matched) so that SA thinks that I've been authenticated before relaying through GMX, the connection is trusted and the SPF and other rules are not run on the dynamic IP. It looks like this is a problem for all GMX users, using a pop fetcher + SA when receiving mails from somebody sending from a GMX account using a dialup IP. It does not make a difference if the sender uses SMTP or GMX webfrontend for sending. In both cases SA doesn't find out that the user authenticated before using GMX. Wouldn't it be possible to trust GMX server if it is the first hop in the received headers and it's not listed as an MX?. AFAICT GMX is known to authenticate all users who are relaying through them and the MX servers don't allow relaying (I did a fast telnet-check). If the headers of a mail send through the webfrontend is of any help - let me know. thanks, Tom -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
