Chris wrote: > Jim Maul wrote: > > Id say its because you have a dynamic ip address. You might want to > > send all mail out through your isp's mail servers instead. > > All msgs do go through EL, AFAIK, here are two headers, the first from a msg > not marked as spam, the second the headers from the msg tagged by sorbs:
I am looking at both lists of headers and I think both should have been tagged with being in DUL lists by dul.dnsbl.sorbs.net as both headers contain 69.68.226.5. However, that is only good for 2.0 points from SA. The big hitter was that this was also listed in pyzor for 3.5 points and not having any DNS for chris.localdomain was good for 1.6 points. Perhaps the entire points score was why the first one was not tagged? > Return-Path: <[EMAIL PROTECTED]> That should trigger NO_DNS_FOR_FROM for 1.6. > Received: from chris.localdomain ([69.68.226.5]) > by bunting.mail.pas.earthlink.net (EarthLink SMTP Server) with ESMTP id > 1cxqfG3Jo3NZFmR2 > for <[EMAIL PROTECTED]>; Thu, 25 Nov 2004 12:30:04 -0800 (PST) That should trigger RCVD_IN_SORBS_DUL. This is also affected by your trusted_networks. DNS blacklist checks will never query for hosts listed as being on a trusted_network. I am not sure this is related. But good to know about regardless. SA tries to deduce a correct setting for that parameter. But this is hard to impossible in many cases. I usually need to set it for my own configurations. If 192.0.34.166 is your mail hub then here is an example setting it and a series of other local private networks behind it so that SA can deduce where the mail came into the network. trusted_networks 192.0.34.166 trusted_networks 192.168.0.0/16 trusted_networks 127.0.0.0/8 Another comment about the marked as spam message. > Received: from localhost (localhost.localdomain [127.0.0.1]) > by chris.localdomain (Postfix) with ESMTP id ACD7E584002 > for <[EMAIL PROTECTED]>; Thu, 25 Nov 2004 19:30:58 -0500 (EST) I assume that is fetchmail here? I think you need to add 127. to your trusted_networks so that SA will know this is a local trusted relay. > Received: from pop.earthlink.net [207.217.121.215] > by localhost with POP3 (fetchmail-6.1.0) > for [EMAIL PROTECTED] (single-drop); Thu, 25 Nov 2004 18:30:58 -0600 > (CST) Earthlink data. Looks good. Not listed in any rbl that I checked. > Received: from chris.localdomain ([69.68.226.5]) > by mx-a065b05.pas.sa.earthlink.net (EarthLink SMTP Server) with ESMTP > id > 1cxu014b33NZFpL1 > for <[EMAIL PROTECTED]>; Thu, 25 Nov 2004 16:30:09 -0800 (PST) If earthlink.net[207.217.121.215] is in the trusted_networks list then SA will do a DNS query for 69.68.226.5, and find it is a dynamic IP address and tag it with RCVD_IN_SORBS_DUL. This is as it should be if the trusted_networks is configured this way. For mail sent to me this way it would not be and my SA would only look up 207.217.121.215 and nothing would be tagged. This is among the reasons I am thinking that the trusted_networks setting is a critical part of this discussion. > From: [EMAIL PROTECTED] (Cron Daemon) Of course right there if this were mail to me my configuration would toss it completely out because the sender address is not resolvable. This message is impossible to reply to so I discard it at the MTA level. > I guess that since I used fetchmail to do the pickup from EL, which > placed the mail in /var/spool/mail then SA was ran against that > rather than having Kmail do the pickup and filtering it directly to > my 'cron' folder is what made the difference. (confusion, purses lips and furls brow) So much depends upon your specific configuration that really anything is possible depending upon how you have configured it and are running it. It would seem to me that in both of your above cases there is no opportunity to run SA on your binaries using that configuration. If fetchmail puts mail directly in /var/spool/mail then how does SA get involved? If Kmail is pulling mail directly from the ISP then how does SA get involved? But I don't use either fetchmail or kmail and so only know about them academically. I am guessing there must be some method to insert an spamassassin filter into those streams. Normally (normal for me) postfix receives the message, sees my $HOME/.forward file and passes control to it. My forward file passes the mail to procmail. My $HOME/.procmailrc passes it through spamassassin for catagorizing. Depending upon the result procmail then files it here or there in different folders. (I use maildir folders in my home directory.) I then read the mail (using mutt) and read the message. This is rather the classic unix configuration. All on a Pentium2-400MHz/512MB running Debian woody. I received and processed 84152 messages last month. An ISP with many users would need a different, more efficient, configuration. YMMV. It works for me, and all of those disclaimers. > So, what would be the work around to not get tagged by sorbs for > this? I would place your own IP address and that of your ISP in the trusted_networks parameter. The problem with this is that as your dynamic IP address changes you will need to update your configuration. Actually, I would have a firewall box so that my internal network was an rfc1918 private unroutable address such as 192.168.0.0/24 and then my local private address would never change. Bob
