On Mon, 2013-05-13 at 17:40 -0500, Bill Polhemus wrote: > If this isn't the correct place for this, please excuse the faux pas. > > I've added a couple of network ranges covering "known good" networks > like places of work, to the -i option for spamass-milter. > > The spamass-milter man-page says this will cause sa-m to "ignore > messages if the originating IP" is in that list. > > Any way to get it to look at the ACTUAL originating address? > First off, I endorse Robert's recommendation to use getmail rather than fetchmail. Its less buggy, doesn't have the same tendency to leave read but undeleted messages in your ISP's mailbox that its getting mail from and the MDA pipeline/script you're using with fetchmail will work with getmail with no modifications needed.
As to the letting SA check the origination addresses, my setup looks like this: internal_networks 192.168.7/24 trusted_networks 192.168.7/24 trusted_networks IPs.of.my_ISP's.mail_servers All my local hosts are in the 192.168.7.0 subnet. Your ISP's mail server(s) should included as part of your trusted network because they do not originate spam, though spam from, e.g. other users of the SAME ISP, may do so. By including the ISP's mail servers in trusted networks you're telling SA to examine the addresses one hop further out than them, which is what you want. HTH Martin