Hi all!
I've two questions:
1) I'm using Docker with Kubernetes as management to run my mail system
with postfix, amavis and cyrus imap. This implies that all connections
from the outside to postfix and also all connections between postfix and
amavis are source natted to one and the same ip address. Thus
ALL_TRUSTED is one of the most mentioned tests in the incoming mail
headers, which is making a lot of spam passing through! :-/
Today I set "clear_trusted_networks" and "clear_internal_networks" in
local.cf for spamassassin to see if this helps - but nevertheless this
does not "feel right"(TM) ;-)
Any suggestions how to handle this "postfix behind SNAT" scenario best?
2) Before setting "clear_trusted_networks" and "clear_internal_networks"
I received a mail with the following headers:
Return-Path: <owwi...@intensiver.biz.ua>
Received: from unforgotten.de ([10.244.91.1])
by imap-p299l (Cyrus
v2.4.17-caldav-beta10-Debian-2.4.17+caldav~beta10-18) with LMTPA;
Tue, 22 Mar 2016 02:04:01 +0100
X-Sieve: CMU Sieve 2.4
Received: from localhost (unknown [10.244.91.1])
by unforgotten.de (Postfix) with ESMTP id 0ED57118BB2
for <f...@unforgotten.de>; Tue, 22 Mar 2016 02:04:00 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at unforgotten.de
X-Spam-Flag: YES
X-Spam-Score: 8.015
X-Spam-Level: ********
X-Spam-Status: Yes, score=8.015 required=5 tests=[ALL_TRUSTED=-1,
DIGEST_MULTIPLE=0.001, FREEMAIL_FORGED_REPLYTO=2.503,
HTML_MESSAGE=0.001, PYZOR_CHECK=1.985, RAZOR2_CF_RANGE_51_100=0.365,
RAZOR2_CF_RANGE_E8_51_100=2.43, RAZOR2_CHECK=1.729,
URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from unforgotten.de ([10.244.91.1])
by localhost (unforgotten.de [10.244.91.14]) (amavisd-new, port 10024)
with LMTP id 90ZE38lLT2an for <f...@unforgotten.de>;
Tue, 22 Mar 2016 02:03:57 +0100 (CET)
Received: from intensiver.biz.ua (unknown [10.244.91.1])
by unforgotten.de (Postfix) with ESMTP id 86885118BAB
for <fr...@unforgotten.de>; Tue, 22 Mar 2016 01:03:57 +0000 (UTC)
Received: from intensiver.biz.ua (46037.vs.webtropia.com [62.141.46.37])
by intensiver.biz.ua (Postfix) with ESMTPA id 8A7B86525BF2;
Tue, 22 Mar 2016 02:18:28 +0200 (EET)
Message-ID: <ec8b01d183e1$1e5da970$085a57c4@owwiddl>
Reply-To: dzu...@mail.ru
From: "Buns" <owwi...@intensiver.biz.ua>
To: <brigitte.koehnl...@umwelt.bremen.de>
Subject: Unser Angebot ist der schnellste Weg zur Finanzierung Ihres
Unternehmens
I'm wondering why ALL_TRUSTED is in the list, although there is an
untrusted address: intensiver.biz.ua (unknown [10.244.91.1])
Can someone please explain this? :-)
Best regards,
Frank