> Jari Fredriksson wrote: > > It apparently was never seen by SpamAssassin, if there were no X-Spam-* > > -headers. > > > > How you call SpamAssassin? Any whitelisting there, do you call > > SpamAssassin for your own mail? It seems the sender address is same as > > receiver address. Whitelisted somehow, and maybe not inspected by > > SpamAssassin?
On 24.07.09 01:31, snowweb wrote: > This is the SPF record on the recipient domain: > "v=spf1 a mx ip4:216.108.227.20 ?all" > > I'm thinking to change it to -all as I'm fairly sure that everyone is using > our mailserver to send mail on the domain. Do you think that might solve it? no, the SPF doesn't affect the fact if mail gets scanned. At least not in your example unless I've missed anything. > Also, you're correct that the From: header is the same as the recipient > (obviously spoofed), but the envelope is from an external sender and also > the first Received: line acknowledges that it was received from an external > server and email address. Which line does it check the SPF record of, just > the spoofable From: or one of the others? the SPF is checked on yout internal network boundary, but only if spamassassin gets the file to scan. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I feel like I'm diagonally parked in a parallel universe.
