Cedders wrote:
Henrik K wrote:
On Mon, Mar 02, 2009 at 05:16:37AM +0000, RW wrote:
As I understand it the difference between trusted and internal is that
PBL/DUL checks are done at the internal/external boundary so
they don't FP on mail submission into the trusted network.
Right.
[snip]
So given all the above, why do we have rules like:
header HELO_DYNAMIC_IPADDR X-Spam-Relays-Untrusted =~ /
^[^\]]+
helo=[a-z]\S*\d+[^\d\s]\d+[^\d\s]\d+[^\d\s]\d+[^\d\s][^\.]*\.\S+\.\S+[^\
]]+ auth= /i
Actually HELO_DYNAMIC_IPADDR2 and HELO_DYNAMIC_HCC were the ones I saw
totalling 8.69 points.
Surely these are also characteristics of clients that might validly
connect across the trusted/untrusted boundary? Should they not be
X-Spam-Relays-External ? (I know it's testing HELO rather than reverse
DNS, but Apple clients and servers apparently often use the reverse DNS
as the HELO, and this has caused some big FPs - the two rules above
togther score 8.69 on SA 3.2.3-0.volatile1 [Debian etch]).
Sorry, I've just seen
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5856
which makes this change to X-Spam-Relays-External.
The moral of this story, I think, is to upgrade to SA 3.3 and do
sa-update before adding any third-party hosts to trusted_networks, let
alone to internal_networks. Any chance of this going into sa-update for
SA 3.2.3 ?
Cheers
Cedders
