On 13.09.25 at 08:44, Stephen J. Turnbull wrote:
> I'm glad you found a solution to the immediate problem.  However, that
> SPOOFED_NOAUTH error strongly suggests that whitelisting your own
> host(s) shouldn't be necessary.  I can't think of a way where a future
> change in your configuration would result in problems, so there's no
> hurry, but I would like to know what rspamd was complaining about for
> future reference.

I've done a bit of testing and come to the following conclusion:

My DKIM, SPF, and DMARC settings are correct. Everything works perfectly on a mailing list that isn't anonymous. I also receive DMARC reports confirming this.

As soon as I change a test list to anonymous, I get a hit from my own RSPAMD (running on my MTA, mailcow), meaning the email isn't delivered to the list recipients.

The triggering rule states:

SPOOFED_UNAUTH (50) and is determined as follows:

(1) !MAILCOW_AUTH &
(2) !MAILCOW_WHITE &
(3) !RSPAMD_HOST &
(4) !SIEVE_HOST &
(5) MAILCOW_DOMAIN_HEADER_FROM &
(6) !WHITELISTED_FWD_HOST &
(7) -g+:policies (50)

This means that nothing is checked here with signatures (DKIM, ARC, SPF), etc.

(1) mailman and mailcow are integrated via a Docker network, meaning mailman is not logged in as SMTP user. In my case, this should always be TRUE (the sender is "not authorized").
(2), (3), (4), (6) Exception IPs that are allowed to send emails for various reasons.
(5) This is FALSE for a non-anonymized list (which is why I don't have a problem with non-anonymized lists). For an anonymized list, this is TRUE.

As a solution, I now entered the delivering IP in (6) (this can be done via the Mailcow UI as a forwarding host).
I had actually done this before and tried it without success.
However, I made the mistake of specifying mailman's Docker network (172.29.199.0/24). In my scenario, the delivering IP is actually the gateway of mailcow's docker network (172.22.1.1). (Reminder: my scenario is described here: https://docs.mailcow.email/third_party/mailman3/third_party-mailman3/)

Conclusion:
With the correct IP as the allowed forwarding host, it now works for me too.

That should be fine now – or have I missed something?
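
Added example, not part of the original post and not mailcow's or rspamd's own code: a small Python model of the composite quoted above, showing why the anonymous list trips it and why whitelisting 172.29.199.0/24 had no effect while 172.22.1.1 does. The domain lists.example.net, the sender addresses, the helper names, and the POLICIES_POSITIVE flag standing in for term (7) are assumptions.

```python
import ipaddress

# Terms (1)-(6) of the composite as quoted in the post. Term (7) is a group
# match in the original rule; here it is a plain flag (assumption).
NEGATED = ["MAILCOW_AUTH", "MAILCOW_WHITE", "RSPAMD_HOST", "SIEVE_HOST",
           "WHITELISTED_FWD_HOST"]
REQUIRED = ["MAILCOW_DOMAIN_HEADER_FROM", "POLICIES_POSITIVE"]


def spoofed_unauth(symbols):
    """True when the composite quoted in the post would fire."""
    return (all(s not in symbols for s in NEGATED)
            and all(s in symbols for s in REQUIRED))


def symbols_for(client_ip, header_from, local_domains, fwd_hosts,
                authenticated=False, policy_hit=True):
    """Simplified model of which input symbols are set for one message."""
    symbols = set()
    if authenticated:                      # (1) SMTP login; mailman has none
        symbols.add("MAILCOW_AUTH")
    if header_from.rsplit("@", 1)[-1].lower() in local_domains:   # (5)
        symbols.add("MAILCOW_DOMAIN_HEADER_FROM")
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(n, strict=False) for n in fwd_hosts):
        symbols.add("WHITELISTED_FWD_HOST")                       # (6)
    if policy_hit:                         # (7), modelled as a flag
        symbols.add("POLICIES_POSITIVE")
    return symbols


LOCAL = {"lists.example.net"}   # constructed domain hosted on mailcow
GATEWAY = "172.22.1.1"          # delivering IP named in the post


def verdict(header_from, fwd_hosts):
    """Would SPOOFED_UNAUTH fire for mail arriving from the gateway IP?"""
    return spoofed_unauth(symbols_for(GATEWAY, header_from, LOCAL, fwd_hosts))


if __name__ == "__main__":
    cases = [
        ("non-anonymous list", "alice@example.org", []),
        ("anonymous list", "testlist@lists.example.net", []),
        ("mailman subnet listed", "testlist@lists.example.net", ["172.29.199.0/24"]),
        ("gateway IP listed", "testlist@lists.example.net", ["172.22.1.1"]),
    ]
    for name, sender, hosts in cases:
        print(f"{name:24} SPOOFED_UNAUTH={verdict(sender, hosts)}")
```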

