Matus, I feel that you are fighting a bigger battle than one rule in SA.
Without RDNS, you are running afoul of the postmaster rules of virtually every major email player. You will have massive deliverability issues.. You are asking for a bandaid when you've just lost a leg to shark biite and more are swimming around. You *MUST* fix RDNS to effectively email the world. It is a waste of time to look at email deliverability when that basic step is missed. -- Kevin A. McGrail VP Fundraising, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171 On Thu, Aug 30, 2018 at 9:46 AM, Matus UHLAR - fantomas <[email protected]> wrote: > On 30.08.18 09:24, Kevin A. McGrail wrote: > >> Thanks Matus. This is a good place to debate, thank you. >> >> Here is my response on the ticket: >> >> Outlook express ended production in June 2006. I'm not sure how much >> weight we can give to an email sent with it. >> > > note that the issue is exactly the same with Windows Live Mail, which, > while > unsupported, was available until Jan 2017 (and still seems to be used in > some organizations). > > The issue is at HDR_ORDER_FTSDMCXX_NORDNS with __RDNS_NONE. >> >> RDNS is an expected technology to setup a working mail server on the >> internet. >> > > as written below, it's not so easy in organizations where mail server is > maintained by diferent people than internal network. > (and mailserver is in DMZ, while internal DNS servers in internal networ). > > Fix that and you have nearly 5 point swing on your email as well as >> likely more negative scoring rules will fire. >> > > of course, there is more to fix and of course some of those fixes are > better > than others. > > However, I try to follow order: > > 1. what I can fix on mailserver > 2. what other admins can fix in the network > 3. what users can fix on their workstations. > > This is why I came with the ALL_TRUSTED workaround. > > Your focus on ALL_TRUSTED implies to me this is 100% internal mail. Is >> that correct? >> > > internal and/or outgoing. > > Do you (or anyone other) find problems when using ALL_TRUSTED? > > On Thu, Aug 30, 2018 at 9:14 AM, Matus UHLAR - fantomas <[email protected] >> > >> wrote: >> >>> the __HDR_ORDER_FTSDMCXXXX rule catches mail sent from windows live mail >>> (and outlook express, which, while obsolete, seems to be still used >>> often) >>> >>> That further causes hitting HDR_ORDER_FTSDMCXX_DIRECT and >>> HDR_ORDER_FTSDMCXX_NORDNS in cases where client uses the mail client on >>> local network, without SMTP authentication, and without DNS (which may be >>> quite common in some organizations). >>> >>> as a workaround, I recommend to add && !ALL_TRUSTED to >>> HDR_ORDER_FTSDMCXX_DIRECT and HDR_ORDER_FTSDMCXX_NORDNS rules. >>> >>> an example: >>> >>> X-Spam-Status: Yes, score=9.154 required=5.6 tests=[ALL_TRUSTED=-1, >>> DOS_OE_TO_MX=3.086, FSL_HELO_NON_FQDN_1=0.001, >>> HDR_ORDER_FTSDMCXX_DIRECT=1.999, HDR_ORDER_FTSDMCXX_NORDNS=3.5, >>> HTML_MESSAGE=0.001, MIMEOLE_DIRECT_TO_MX=0.293, RDNS_NONE=1.274] >>> autolearn=no autolearn_force=no >>> X-Mailer: Microsoft Outlook Express 6.00.2900.5931 >>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 >>> >>> I have filled out bug 7607, it got rejected immediately: >>> >>> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7607 >>> >>> >>> while I agree that fixing RDNS will help, internal networks DNS is not >>> always easy, especially when maintained by different people and when >>> internal DNS is in LAn, not in DMZ. >>> >>> >>> note that this problem has been reported on spamassassin-users a month >>> ago: >>> >>> http://spamassassin.1065346.n5.nabble.com/Problem-with-new- >>> rules-td152105.html >>> >>> >>> So, to avoid discussions on bugzilla, I prefer asking here: >>> >>> Is it really a problem to add && !ALL_TRUSTED to >>> HDR_ORDER_FTSDMCXX_DIRECT >>> and HDR_ORDER_FTSDMCXX_NORDNS ? >>> >>> (maybe even HDR_ORDER_FTSDMCXX_001C and HDR_ORDER_FTSDMCXX_BAT, if their >>> score will be more than zero) >>> >> > -- > Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > I feel like I'm diagonally parked in a parallel universe.
