Matthias Leisi wrote > On Tue, Jul 2, 2013 at 7:09 PM, Andreas Schamanek > <
> [email protected] > > wrote: > >> 2) ... mail servers (tu-graz.ac.at and ethz.ch are 2 examples) who >> forward their former users' mail to external addresses without prior >> filtering. ... They are whitelisted (in this case by JMF-WHITE and >> DNSWL_MED) >> which (would) lead to false negatives. Moreover, it renders our >> statistical analyses useless for their IPs. > > Put such sources in SA's trusted_networks. This also ensures that > blacklists (and whitelists) are applied to the IPs delivering to these > forwarding systems. Thanks, I didn't think about adding these sources to trusted_networks. It works (mostly), however it fixes only the SA part of the problem. I still think that spam must not be sent, ever. And that whitelists shouldn't list relaying IPs :/ Anyway, using trusted_networks I found that it doesn't work fully unless I manage to list their complete mail infrastructure. I didn't know that IPs from trusted_networks can actually be subject to evals. For instance: trusted_networks 82.130.75.186 82.130.99.26 129.132.202.4 129.132.183.133 still checks (and whitelists) 82.130.75.186 in case of Received: from tuvok.kom.tuwien.ac.at (tuvok.kom.tuwien.ac.at [192.35.241.66]) by mail.fam.tuwien.ac.at (8.14.3/8.14.3/Debian-9.4) with ... Received: from edge20.ethz.ch (edge20.ethz.ch [82.130.99.26]) by tuvok.kom.tuwien.ac.at (8.14.5/8.14.5) with ... Received: from CAS10.d.ethz.ch (172.31.38.210) by edge20.ethz.ch (82.130.99.26) with Microsoft SMTP Server ... Received: from edge10.ethz.ch (82.130.75.186) by CAS10.d.ethz.ch (172.31.38.210) with Microsoft SMTP Server ... Received: from phil4.ethz.ch (129.132.183.133) by edge10.ethz.ch (82.130.75.186) with Microsoft SMTP Server ... Received: from [65.59.210.13] (helo=mail2.soforum.com) by phil4.ethz.ch with esmtp (Exim 4.69) ... Only if I also add 172.31.38.210 (private address from a reserved block) it works as I expected it. Looks like I will use trusted_networks to save some CPU cycles but I'll also keep my meta rules. -- -- Andreas -- View this message in context: http://spamassassin.1065346.n5.nabble.com/Spam-via-whitelists-tp105635p105643.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
