Hi all!

I've two questions:

1) I'm using Docker with Kubernetes as management to run my mail system with postfix, amavis and cyrus imap. This implies that all connections from the outside to postfix and also all connections between postfix and amavis are source-NATed to one and the same IP address. Thus ALL_TRUSTED is one of the most mentioned tests in the incoming mail headers, which lets a lot of spam pass through! :-/

Today I set "clear_trusted_networks" and "clear_internal_networks" in local.cf for spamassassin to see if this helps - but nevertheless this does not "feel right"(TM) ;-)

Any suggestions how to handle this "postfix behind SNAT" scenario best?


2) Before setting "clear_trusted_networks" and "clear_internal_networks" I received a mail with the following headers:

Return-Path: <owwi...@intensiver.biz.ua>
Received: from unforgotten.de ([10.244.91.1])
         by imap-p299l (Cyrus v2.4.17-caldav-beta10-Debian-2.4.17+caldav~beta10-18) with LMTPA;
         Tue, 22 Mar 2016 02:04:01 +0100
X-Sieve: CMU Sieve 2.4
Received: from localhost (unknown [10.244.91.1])
        by unforgotten.de (Postfix) with ESMTP id 0ED57118BB2
        for <f...@unforgotten.de>; Tue, 22 Mar 2016 02:04:00 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at unforgotten.de
X-Spam-Flag: YES
X-Spam-Score: 8.015
X-Spam-Level: ********
X-Spam-Status: Yes, score=8.015 required=5 tests=[ALL_TRUSTED=-1,
        DIGEST_MULTIPLE=0.001, FREEMAIL_FORGED_REPLYTO=2.503,
        HTML_MESSAGE=0.001, PYZOR_CHECK=1.985, RAZOR2_CF_RANGE_51_100=0.365,
        RAZOR2_CF_RANGE_E8_51_100=2.43, RAZOR2_CHECK=1.729,
        URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from unforgotten.de ([10.244.91.1])
        by localhost (unforgotten.de [10.244.91.14]) (amavisd-new, port 10024)
        with LMTP id 90ZE38lLT2an for <f...@unforgotten.de>;
        Tue, 22 Mar 2016 02:03:57 +0100 (CET)
Received: from intensiver.biz.ua (unknown [10.244.91.1])
        by unforgotten.de (Postfix) with ESMTP id 86885118BAB
        for <fr...@unforgotten.de>; Tue, 22 Mar 2016 01:03:57 +0000 (UTC)
Received: from intensiver.biz.ua (46037.vs.webtropia.com [62.141.46.37])
        by intensiver.biz.ua (Postfix) with ESMTPA id 8A7B86525BF2;
        Tue, 22 Mar 2016 02:18:28 +0200 (EET)
Message-ID: <ec8b01d183e1$1e5da970$085a57c4@owwiddl>
Reply-To: dzu...@mail.ru
From: "Buns" <owwi...@intensiver.biz.ua>
To: <brigitte.koehnl...@umwelt.bremen.de>
Subject: Unser Angebot ist der schnellste Weg zur Finanzierung Ihres Unternehmens

I'm wondering why ALL_TRUSTED is in the list, although there is an untrusted address: intensiver.biz.ua (unknown [10.244.91.1])
Can someone please explain this? :-)

Best regards,
Frank
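
An added example, not part of Frank's message: a small Python diagnostic that parses three of the Received headers quoted above and lists the hops where a client with an external HELO name appears under a private address, which is what SNAT in front of postfix produces. The `local_names` set passed in is an assumption about which HELO names belong to the local system.

```python
import ipaddress
import re
from email import message_from_string

# Three Received headers copied from the message quoted in the post (newest first).
SAMPLE = """\
Received: from localhost (unknown [10.244.91.1])
        by unforgotten.de (Postfix) with ESMTP id 0ED57118BB2
        for <f...@unforgotten.de>; Tue, 22 Mar 2016 02:04:00 +0100 (CET)
Received: from intensiver.biz.ua (unknown [10.244.91.1])
        by unforgotten.de (Postfix) with ESMTP id 86885118BAB
        for <fr...@unforgotten.de>; Tue, 22 Mar 2016 01:03:57 +0000 (UTC)
Received: from intensiver.biz.ua (46037.vs.webtropia.com [62.141.46.37])
        by intensiver.biz.ua (Postfix) with ESMTPA id 8A7B86525BF2;
        Tue, 22 Mar 2016 02:18:28 +0200 (EET)
"""

# "from HELO (rdns [ip])" or "from HELO ([ip])", as written by Postfix and amavisd-new.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f:.]+)\]\)")


def parse_hops(raw):
    """Return (helo, rdns, ip) for each Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.match(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append((m.group(1), m.group(2), ipaddress.ip_address(m.group(3))))
    return hops


def snat_masked_hops(raw, local_names):
    """Hops whose client IP is private although the HELO name is not one of ours.

    Behind SNAT an external sender shows up this way, because its real address
    is replaced by the gateway's. HELO is chosen by the client, so this is a
    diagnostic for header review, not a trust decision.
    """
    return [(helo, str(ip)) for helo, _rdns, ip in parse_hops(raw)
            if ip.is_private and helo.lower() not in local_names]


if __name__ == "__main__":
    for helo, ip in snat_masked_hops(SAMPLE, {"localhost", "unforgotten.de"}):
        print(f"external HELO {helo!r} seen from private address {ip}")
```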
