On 7/20/22 3:19 PM, Mark Milhollan via mailop wrote:
On Tue, 19 Jul 2022, Matt Corallo wrote:
Relevant headers below, but note that its actually the very first Received header that matches
SBL-CSS.
You are via Spamassassin doing what Google does and I guess at least some other Spamassassin users
do -- presuming to know how earlier hops should have authenticated/judged their peers because of how
you would have. Yes Microsoft should get their internal system off the Spamhaus list since it uses
a GUA, but it is risky to decide how others should have made their decisions. Since it is your MTA
your rules, it is also fine that you lose mail for that rule.
I don't believe SA does authentication checks on all Received: lines, no, it only runs them through
the various DNSBLs. I don't see why "you relayed mail from something in a DNSBL" should be avoided
as one of the many signals in spam classification. Just because some other server decided it wasn't
spam doesn't mean I should accept their classification, and more signals doesn't generally hurt, at
least properly tuned.
Matt
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
