On Sun, Mar 30, 2008 at 07:23:17PM -0400, Matt Kettler wrote: > Arvid Ephraim Picciani wrote: >> Hi so again some undertsanding issue, i just got a mail from some gmail >> user. It got 5.1 points: >> >> 1.6 TVD_RCVD_IP TVD_RCVD_IP >> 1.7 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy >> [201.20.219.97 listed in combined.njabl.org] >> 0.0 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP proxy server >> [201.20.219.97 listed in dnsbl.sorbs.net] >> -0.0 SPF_HELO_PASS SPF: HELO matches SPF record >> -0.0 SPF_PASS SPF: sender matches SPF record >> 0.0 HTML_MESSAGE BODY: HTML included in message >> 1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts >> 0.1 RDNS_DYNAMIC Delivered to trusted network by host with >> dynamic-looking rDNS >> >> thats pretty weird, becouse OF COURSE thats a dynamic IP he sent the >> mail from. I mean, you can't ssh into your server and mail from there. >> And i dont get why sorbs is listing it, if it's dynamic. anyone could >> have that ip. >> So what am i missing here? Why is SA complaining about the first >> received field beeing dynamic while imho thats kindof what it should be >> like. Most spam doesn't come from MUAs. >> Does that mean i should tell my MTA to not expose my ip to other MTAs >> so they dont think it's spam from a dynip? > > You probably have a broken trust path, and spamassassin is assuming > gmail's server is part of your local network.
There is nothing wrong. The overzealous RDNS_DYNAMIC rule hits the first one like it should. Then those RCVD_IN rules check all Received-headers, thus matching the IP that sent to gmail.
