On Wed, 25 Nov 2020 14:05:21 +0000 Jonathan Gilpin wrote: > I was always of the understanding that a senders IP address was > irrelevant when sending using authenticated SMTP
Authentication is only relevant in your own trusted network. > However, today I noticed a mail from someone using BT, whose > broadband IP is blacklisted, It's important to understand that there are two types of IP blocklist, those that contain a substantial component of dynamic IPs and those that don't. The former should only be used on the last-external IP address, the other kind can be used on addresses from deep headers. > * 1.5 RCVD_IN_CBL RBL: Received via a relay in > cbl.abuseat.org This is your own rule. My understanding is that CBL is currently the same as the XBL list in the core rules. If that's correct then it has has been misconfigured to look deep. > * 1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus > SBL+XBL There's no good reason to use this in SpamAssassin - it's all kinds of wrong. > * 3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus > SBL-CSS This is a core rule and legitimately runs deep. This is probably a mistake made by Spamhaus or possibly it was recently reassigned to a dynamic pool. > Looking at the headers below it seems the IP is only shown in one > place: > > x-originating-ip: [86.129.191.88] Usually this is a webmail client IP address. It's legitimate to use it with the deep lists.
