On Thu, 5 Feb 2004, Jens Benecke wrote:

> Yes. And if the first IP is listed as an open relay, it gets tagged as SPAM.
> Even if the user that has the IP is no open relay, but a _different_ user
> that _had_ the (dynamic) IP a couple weeks ago _was_.
>
> That is my problem. It can only be fixed (IMHO) by separating open relay
> lists on dynamic and static IPs.

For your own site you can fix this, create a meta-rule that says:
if RBL_DUL && RBL_PROXY-RELAY then give a negative score to adjust things.

> > Additionally, even if qmail did indicate that the transaction was via SMTP
> > AUTH, SpamAssassin really couldn't trust that information in the Received
> > line.  A spammer could simply inject a fake Received line with the AUTH
> > markup.  SA really can't trust any headers other than those that the end
> > MTA (or any configured trusted servers) have added, right?
>
> Yup.
>
> I need a way to find whether my header is the _first_ Received: header. But
> then I'd punish people who have their SMTP local server configured to relay
> via mine (which can be perfectly legitimate if they have an account).

Just customize your MTA to add a private locally unique header for
SMTP-AUTH connections and either bypass your SA filtering in that case
or trigger a local whitelist score.

If you were using sendmail & milter it would be pretty easy to do, as
the AUTH information is available to the milter.


-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
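
Added example, not part of the original message and not code from any MTA or from SpamAssassin: a Python illustration of the private-header approach described above, where the MTA-side hook drops any sender-supplied copy of the header and stamps only SMTP-AUTH sessions, and the filter side whitelists only on a stamp it can verify. The header name, secret, queue IDs and sample message are assumptions constructed for illustration, and the HMAC value goes beyond the plain unique header the message suggests.

```python
import hashlib
import hmac
from email import message_from_string
from email.message import Message

HEADER = "X-Example-Local-Auth"      # hypothetical private header name
SECRET = b"constructed-demo-secret"  # constructed; known only to MTA hook and filter

# Constructed sample: a sender trying to pre-inject the private header.
FORGED = (
    "Received: from dialup.example.net by mx.example.org\n"
    "X-Example-Local-Auth: Q123 deadbeef\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)


def stamp_value(queue_id: str) -> str:
    """Stamp = queue id plus a MAC over it, so a guessed header name is not enough."""
    mac = hmac.new(SECRET, queue_id.encode(), hashlib.sha256).hexdigest()
    return f"{queue_id} {mac}"


def mta_stamp(msg: Message, queue_id: str, smtp_auth: bool) -> Message:
    """MTA-side hook: remove every inbound copy, then stamp only AUTH sessions."""
    del msg[HEADER]  # deletes all occurrences; no error if the header is absent
    if smtp_auth:
        msg[HEADER] = stamp_value(queue_id)
    return msg


def filter_should_whitelist(msg: Message) -> bool:
    """Filter side: require exactly one stamp, and it must verify."""
    stamps = msg.get_all(HEADER, [])
    if len(stamps) != 1:
        return False
    parts = stamps[0].split()
    if len(parts) != 2:
        return False
    queue_id, _mac = parts
    # Constant-time comparison against the value the MTA would have written.
    return hmac.compare_digest(stamps[0], stamp_value(queue_id))
```

Stripping inbound copies at the MTA is what defeats replay of a stamp seen in earlier mail; the MAC covers messages that reach the filter without passing through the stamping hook.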
