Asif Iqbal wrote:
> On Thu, Dec 11, 2008 at 2:09 PM, Jeff Mincy <j...@delphioutpost.com> wrote:
>
>> From: mouss <mo...@netoyen.net>
>> Date: Thu, 11 Dec 2008 19:55:44 +0100
>>
>> Asif Iqbal a écrit :
>> > I have this in local.cf in qmail.here.net's /etc/mail/spamassassin dir
>> >
>> > whitelist_from_rcvd joe.sm...@here.com
>> qtdenexmbm24.AD.HERE.COM
>> >
>> > But email from that address still tagged as spam. What am I doing wrong?
>> >
>>
>> you should run the message through spamassassin -D to see which relays
>> are trusted.
>>
>> or you could get luck with:
>>
>> always_trust_envelope_sender 1
>>
>>
>> If you add a Relay header eg:
>> add_header all Relay trusted=_RELAYSTRUSTED_, untrusted=_RELAYSUNTRUSTED_
>>
>
> Added now
>
>
>> Then you want the rdns= from the first untrusted relay.
>>
>> In this case it is probably:
>> whitelist_from_rcvd joe.sm...@here.com here.com
>>
>> THe whitelist probably wont work for here.com
>> because of lack of reverse dns.
>> Received: from NO?REVERSE?DNS (HELO sudnp799.here.com)
>>
>> The debug output should confirm this.
>>
>
> The debug showed I have nothing in trusted=
>
> I guess I could just add qtdenexmbm24.AD.HERE.COM to the trusted
> network since it
> is the first received header when the mail went out
>
That won't do any good. Trust has to start at the most recent server,
and continue backward in tiem, unbroken. You can't have
(untrusted) -> (trusted) -> (untrusted 2) -> (mailserver running SA)
This is because "untrusted 2" isn't trusted, thus could be forging
headers, so from SA's perspective, although the middle header implies
"untrusted 2" got the message from a trusted host, SpamAssassin can't
trust it because it's information from an untrustworthy source. (If a
stranger tells you a package came from your brother, do you trust him
completely without any question that he might be lying?)
Quite frankly, this header:
Received: from NO?REVERSE?DNS (HELO sudnp799.here.com) ([55.7.32.99])
(envelope-sender <joe.sm...@here.com>)
by qmail.here.net (qmail-ldap-1.03) with SMTP
Implies that your trust is pretty much always going to be broken until
you fix RDNS on 55.7.32.99.
(I'm assuming that since everything is noted as "here.com" this is all
stuff inside your own network, if that's incorrect, please change the
headers to have different munged names for different domains and
indicate which one is your network vs outsiders)
>
>
