Noel Jones wrote:
> [snip]
> Looking at the headers of the message you sent to the list:
>
> Received: from neskowin.linfield.edu (neskowin.linfield.edu
> [192.147.171.21])
>     by russian-caravan.cloud9.net (Postfix) with SMTP id 55D0AFD9F3
>     for <postfix-users@postfix.org>; Wed, 4 Mar 2009 14:33:37 -0500 (EST)
> Received: from neskowin.linfield.edu (localhost.localdomain [127.0.0.1])
>     by linfield.edu (Postfix) with SMTP id 596B158120
>     for <postfix-users@postfix.org>; Wed, 4 Mar 2009 11:33:36 -0800 (PST)
> Received: from exchangedb.wfo.linfield.edu (exchangedb.wfo.linfield.edu
> [10.170.131.27])
>     by neskowin.linfield.edu (Postfix) with ESMTP id 410365811C
>     for <postfix-users@postfix.org>; Wed, 4 Mar 2009 11:33:36 -0800 (PST)
> Received: from 10.219.255.241 ([10.219.255.241]) by
> exchangedb.wfo.linfield.edu ([10.170.131.27]) via Exchange Front-End
> Server exchange.linfield.edu ([10.170.131.28]) with Microsoft Exchange
> Server HTTP-DAV ;
>     Wed, 4 Mar 2009 19:33:36 +0000
>
> the only numeric HELO I see is from the originating client.

but if that's the explanation, then it's a bug, because that one was submitted with HTTP-DAV, so there's no HELO at all.

> IMHO
> SpamAssassin should not be applying this test to all headers, only the
> topmost "trusted" header.

hmm. I am more interested in detecting borked hops before the last one (which would be rejected by postfix). I don't remember if I asked this here or on SA list (I think it was on SA list), but which (not outdated) clients still helo with a naked IP? time to nake'em, no?

> Next wild guess is that the recipient server
> has misconfigured SA.

most probably, it's in stock SA. there was some recent discussion about this. I think the helo checks in SA need a review...

>
> You can "fix" this with a header_checks rule to either REWRITE the
> offending header to "X-Received:..." or just IGNORE (remove) it.
>
> -- Noel Jones
>
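
Added example (not part of the original thread and not SpamAssassin's or Postfix's code): a small Python parser that walks the Received chain quoted above and reports which hops carry a bare IP as the "from" name, with optional filters for the two positions argued in the thread. The names parse_hops, is_bare_ip, numeric_helo_hops, smtp_only and topmost_only are hypothetical, and smtp_only assumes a hop had a HELO only when its "with" protocol begins with SMTP or ESMTP.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the Received chain quoted in the thread plus a dummy body.
SAMPLE = """\
Received: from neskowin.linfield.edu (neskowin.linfield.edu [192.147.171.21])
    by russian-caravan.cloud9.net (Postfix) with SMTP id 55D0AFD9F3
    for <postfix-users@postfix.org>; Wed, 4 Mar 2009 14:33:37 -0500 (EST)
Received: from neskowin.linfield.edu (localhost.localdomain [127.0.0.1])
    by linfield.edu (Postfix) with SMTP id 596B158120
    for <postfix-users@postfix.org>; Wed, 4 Mar 2009 11:33:36 -0800 (PST)
Received: from exchangedb.wfo.linfield.edu (exchangedb.wfo.linfield.edu [10.170.131.27])
    by neskowin.linfield.edu (Postfix) with ESMTP id 410365811C
    for <postfix-users@postfix.org>; Wed, 4 Mar 2009 11:33:36 -0800 (PST)
Received: from 10.219.255.241 ([10.219.255.241]) by
    exchangedb.wfo.linfield.edu ([10.170.131.27]) via Exchange Front-End
    Server exchange.linfield.edu ([10.170.131.28]) with Microsoft Exchange
    Server HTTP-DAV ;
    Wed, 4 Mar 2009 19:33:36 +0000

body
"""

def parse_hops(raw):
    """Return (from_name, with_protocol) per Received header, topmost first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        v = " ".join(value.split())  # unfold continuation lines
        name = re.match(r"from (\S+)", v)
        proto = re.search(r"\bwith (.*?)\s*(?:\bid\b|;)", v)
        hops.append((name.group(1) if name else "", proto.group(1) if proto else ""))
    return hops

def is_bare_ip(name):
    try:
        ipaddress.ip_address(name)  # "[1.2.3.4]" literals and hostnames raise
        return True
    except ValueError:
        return False

def numeric_helo_hops(raw, smtp_only=False, topmost_only=False):
    """Indexes of hops whose 'from' name is a bare IP address."""
    hops = parse_hops(raw)[:1] if topmost_only else parse_hops(raw)
    return [i for i, (name, proto) in enumerate(hops)
            if is_bare_ip(name)
            and (not smtp_only or proto.upper().startswith(("SMTP", "ESMTP")))]
```

On this chain, checking every hop flags only the bottom (HTTP-DAV) header, while restricting the check to SMTP hops or to the topmost header flags nothing.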