I am running SA on my private mail server. Mail comes in directly for one
domain (using no-ip.com to get around a port block), and via fetchmail for
several others. I have listed the MXes at no-ip.com and the ISP machines
that fetchmail goes to as "trusted", and my (static) domain IP as
"internal".

Using a single test email that is known to be spam, portions of the
SA debug output look like this:

Sep 17 19:24:51.580 [939] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
Sep 17 19:24:51.581 [939] dbg: dns: IPs found: full-external: 216.178.94.75, 127.0.0.1, 216.178.66.140, 67.234.193.117, 10.11.48.81 untrusted: 67.234.193.117 originating:
Sep 17 19:24:51.581 [939] dbg: dns: only inspecting the following IPs: 67.234.193.117
...
Sep 17 19:24:51.584 [939] dbg: dns: checking RBL bl.mailspike.net., set mspike-lastexternal
Sep 17 19:24:51.584 [939] dbg: dns: IPs found: full-external: 216.178.94.75, 127.0.0.1, 216.178.66.140, 67.234.193.117, 10.11.48.81 untrusted: 67.234.193.117 originating:
Sep 17 19:24:51.584 [939] dbg: dns: no untrusted IPs to check
...
Sep 17 19:24:51.584 [939] dbg: dns: checking RBL bb.barracudacentral.org., set brbl-lastexternal
Sep 17 19:24:51.584 [939] dbg: dns: IPs found: full-external: 216.178.94.75, 127.0.0.1, 216.178.66.140, 67.234.193.117, 10.11.48.81 untrusted: 67.234.193.117 originating:
Sep 17 19:24:51.585 [939] dbg: dns: no untrusted IPs to check
...
Sep 17 19:24:51.585 [939] dbg: dns: checking RBL sa-trusted.bondedsender.org., set ssc-firsttrusted
Sep 17 19:24:51.585 [939] dbg: dns: IPs found: full-external: 216.178.94.75, 127.0.0.1, 216.178.66.140, 67.234.193.117, 10.11.48.81 untrusted: 67.234.193.117 originating:
Sep 17 19:24:51.585 [939] dbg: dns: only inspecting the following IPs: 67.234.193.117
...
Sep 17 19:24:51.586 [939] dbg: dns: checking RBL zen.spamhaus.org., set zen
Sep 17 19:24:51.586 [939] dbg: dns: IPs found: full-external: 216.178.94.75, 127.0.0.1, 216.178.66.140, 67.234.193.117, 10.11.48.81 untrusted: 67.234.193.117 originating:
Sep 17 19:24:51.586 [939] dbg: dns: only inspecting the following IPs: 67.234.193.117
...
X-Spam-RelaysUntrusted: [ ip=67.234.193.117 rdns= helo=pa-67-234-193-117.dhcp.embarqhsd.net by=spamfilter.netcarrier.com ident= envfrom= intl=0 id=20130916184440875 auth= msa=0 ]
 [ ip=10.11.48.81 rdns=media5.latf1.colo.j2noc.com helo=media5.latf1.colo.j2noc.com by=latf1.efax.com ident= envfrom= intl=0 id=E10BMM841XX auth= msa=0 ]

(netcarrier.com is one of the ISPs that I use fetchmail on.)

I have read the wiki and the docs, but I still don't understand what
exactly is happening.

The "lastexternal" tests do list an untrusted IP, yet that IP is deemed
not appropriate to test. But the "firsttrusted" and other tests do test
that IP.

Please, someone help me understand this.

Thanks.

--
Art Greenberg
a...@eclipse.net