I'm sorry; I should have included the version information.
I am running spamassassin with the default installation from kubuntu 18.04 LTS, updated to kubuntu 20.04. It is version 3.4.4. It is called by amavisd-new, also a default installation.
My local.cf sets up the Bayesian classifier and otherwise only has rules that match text in the headers to reject specific phrases and domain names. I have not done anything to set up or otherwise modify trusted_networks, internal_networks, or msa_networks. Is there a good source of documentation for how to do that? I don't believe it was included in the Ubuntu howto document for setting up amavisd-new.
I agree with you that the server in the Received header you quoted is not listed in dnswl.org, and that spamassassin should not be trusting the headers provided by that server. I'd like to know how to correct the error and perhaps even figure out why the standard ubuntu package doesn't do this correctly.
On 2022/12/26 23:02:30 Benny Pedersen wrote: > John Stimson via users skrev den 2022-12-26 21:44: > > > My second question is where to report an SMTP server that passes SPF, > > but is passing spam with forged Received headers. > > > > Here's an example header: > > Received: from aznavrchol.cz (unknown [85.204.116.245]) > by idsfa.net (Postfix) with ESMTP id 2EF948C00FC > for <jo...@idsfa.net>; Sun, 22 May 2022 20:12:15 -0700 (PDT) > > this is not listed in dnswl.org > > https://multirbl.valli.org/lookup/85.204.116.245.html > > have you setup trusted_networks, internal_networks, msa_networks correct > in spamassassin ? > > if you can confirm it uses other headers for dnswl.org then remove this > headers before spamassassin see it, thats the forged header imho X-* and > friends there :=) > >