Charles Gregory a écrit : > > Excuse if threading breaks, but I have to copy and paste from the > archives. I'm not getting deliveries from the list (due to a bounce > somehow disabling deliveries). Currently contacting list owner to > resolve this odd issue. Well, at least I can still post.... :) > > mouss <mo...@ml.netoyen.net> said: >>> Quick question: Does Spamassassin's "RCVD" tests also check headers >>> labelled "X-Originating-IP"? >> yes. > > (nod) Certainly makes sense of the unexpected scores. But I am wondering > if I have made some wrong presumptions about the behaviour of tests for > dynamic IP's? Or perhaps dynamic IP's should *not* be scored if they > appear in 'Originating IP'? Or scored lower than if they appear in the > first RCVD header (or any RCVD header). >
if you mean checks against PBL and the like, these are only done for the "last external" Received header. unless you have an old version of SA (initially, there were only trusted vs untrusted networks. then internal networks were added). > The issue, of course, is not with actual 'dynamic' tests, but with > BL_SPAMCOP_NET having listed the dynamic IP. This is a different issue. unfortunately, there is not much to do unless spamcop (and other DNSBLs) have a full list of dynamic IPs. note that spamcop listings expire automatically. if this is really a problem for you, change the rule to use "last-external" (take a look at the PBL rule and you'll see what I mean). > I realize this is another > 'flavor' of an ages old problem - what happens when an 'innocent' user > 'inherits' a dynamic IP blocked for spammy activity. If the ISP blocks port 25, the "dynamic" IPs won't be listed. otherwise, some will argue that it is the ISP fault. unfortunately, it is hard to deal with this problem in an effective manner (avoid FPs but still stop junk from owned boxes...). > But I'm wondering > if there is just a way to recognize when this 'new' user makes proper > use, goes through their legitimate SMTP server, or uses webmail? > Yes, I > realize that technically SPF is supposed to help with this, not at all. but I am not an spf fan, so take this as a biased opinion... > but I get > too many false negatives to rely on 'SPF PASS'... > > - Charles >
