On Fri, 31 Aug 2018, Matus UHLAR - fantomas wrote:
Note that I list internal clients as trusted, not as internal.

Maybe this is the problem. A long time ago I learned to configure dynamic IP addresses (dialups) as trusted, but not as internal.

On 31.08.18 12:07, John Hardin wrote:
Hrm. Not sure which way to go in that case. Dialup IPs (unless statically assigned to a specific user account) are not really a reliable indicator of internal or trusted... Any of that ISP's clients could get that IP and suddenly be able to get preferential treatment by your mail system.

In this case, clients are internal, not dialup, but I still think they
should not be listed in internal_networks (as I don't trust them not to
spoof anything).

Trusting to not spoof headers is what the trusted_networks list is for.

I agree and this is something I repeatedly thought of for a long time.

But so far we had nothing else to avoid catching non-authenticated
clients than listing them in *_networks (and I still found trusted_networks
more than internal_networks).

HDR_ORDER_FTSDMCXX* is the one I'm trying to solve.

Well, that's basically just a check for MSFT MUAs, and spam tools that slavishly mimic the headers such clients produce...

Unfortunately, they catch MUAs as well as those spam tools. We need
something to avoid real MUAs until we have better spam tool detection.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states.
