Here are some excerpts of an email's headers and SA content details:
Received: from smtp01.mail.yourwebhosting.com (zero.mail.bluedomino.net
    [64.49.241.20] (may be forged))
    by lennon.prairiegroup.com (8.12.8/8.12.8) with ESMTP id i4CNWC43027187
    for <[EMAIL PROTECTED]>; Wed, 12 May 2004 18:32:12 -0500
Received: from mail.bremanda.com (unknown [192.168.1.24])
    by smtp01.mail.yourwebhosting.com (Postfix) with ESMTP
    id 895B9B9944; Wed, 12 May 2004 18:33:25 -0500 (CDT)
Received: from 68.79.16.194
    (SquirrelMail authenticated user [EMAIL PROTECTED])
    by webmail.yourwebhosting.com with HTTP;
    Wed, 12 May 2004 18:51:30 -0500 (CDT)
...<snip>...
0.7 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
    [<http://dsbl.org/listing?ip=68.79.16.194>]
3.5 RCVD_IN_NJABL_DIALUP RBL: NJABL: dialup sender did non-local SMTP
    [68.79.16.194 listed in dnsbl.njabl.org]
2.6 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
    [68.79.16.194 listed in dnsbl.sorbs.net]
0.1 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org
    [68.79.16.194 listed in dnsbl.njabl.org]
0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
    [68.79.16.194 listed in dnsbl.sorbs.net]
It looks like this was sent from a dial up user, but directly to my server (lennon.prairiegroup.com).
In my local.cf I have:
trusted_networks 10.0.0.0/8
trusted_networks 207.208.92.128/32
The first is our private network behind the NAT and the latter is the globally unique address of our mailserver, where SA is running, in front of the NAT. On our internal network the hostname of this server resolves to an address in this trusted network range. That IP address reverse resolves to the hostname.
Martin
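
Added example (not part of the original message and not SpamAssassin's own logic): it parses the three Received headers quoted above and compares each hop's sending address with the two trusted_networks entries, showing where 68.79.16.194 enters the chain and that none of the quoted hop addresses fall inside the trusted ranges. The function names and trust labels are made up for this illustration.

```python
import ipaddress
import re

# Received headers from the message above, newest hop first, with folded
# lines joined and the trailing date stamps dropped.
RECEIVED = [
    "from smtp01.mail.yourwebhosting.com (zero.mail.bluedomino.net "
    "[64.49.241.20] (may be forged)) by lennon.prairiegroup.com "
    "(8.12.8/8.12.8) with ESMTP id i4CNWC43027187",
    "from mail.bremanda.com (unknown [192.168.1.24]) "
    "by smtp01.mail.yourwebhosting.com (Postfix) with ESMTP id 895B9B9944",
    "from 68.79.16.194 (SquirrelMail authenticated user [EMAIL PROTECTED]) "
    "by webmail.yourwebhosting.com with HTTP",
]

# The two trusted_networks entries quoted from local.cf.
TRUSTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "207.208.92.128/32")]

IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
PROTO_RE = re.compile(r"\bwith (\w+)")


def parse_hop(header):
    """Split one Received header into (sending_ip, receiving_host, protocol)."""
    from_part, sep, by_part = header.partition(" by ")
    if not sep:
        raise ValueError("no 'by' clause in Received header: %r" % header)
    ip_match = IPV4_RE.search(from_part)
    proto = PROTO_RE.search(by_part)
    return (
        ip_match.group(0) if ip_match else None,
        by_part.split()[0],
        proto.group(1) if proto else None,
    )


def classify(ip):
    """Label an address relative to the trusted_networks entries above."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in TRUSTED):
        return "trusted"
    return "private, not trusted" if addr.is_private else "public, not trusted"


def walk_chain(headers=RECEIVED):
    """Return (sending_ip, receiving_host, protocol, trust_label) per hop."""
    hops = [parse_hop(h) for h in headers]
    return [(ip, host, proto, classify(ip)) for ip, host, proto in hops]
```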
