Re: Re: Re: DNSWL_HI testing wrong Received header?

Wed, 28 Dec 2022 04:45:59 -0800 

On 27.12.22 17:28, John Stimson via users wrote:

I have a single SMTP server with single public IP address.  I have set

trusted_networks my.ip.num.ber

internal_networks my.ip.num.ber

and removed the clear_originating_ip_headers line.  I also added the line

add_header all RelaysUntrusted _RELAYSUNTRUSTED_
based on the suggestion in the TrustPath documentation at https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TrustPath
The documentation there only suggests setting my trusted_networks and internal_networks, not clearing either of them.
Now, when I manually check the messages, the X-Spam-RelaysUntrusted: header displays the mail host that my server received the message from. That seems proper. HOWEVER, even though that is supposed to be the host used for all IP based checks, DNSWL_HI is being triggered. 

have you reloaded amavisd?
The first untrusted host is not in the dnswl.org high confidence list. However the IP in X-Originating-Ip: is listed in dnswl.org's high confidence list.  I don't know why spamassassin would use that header, though, since it is below the Received: line for the first untrusted relay. 

SA will use this header if it trusts server that set the header.
This should not be your case.

do you have anything set in amavis' home directory?
usually  ~amavis/.spamassassin


On 2022/12/27 18:20:35 Matus UHLAR - fantomas wrote:

>On 2022/12/26 23:47:41 Benny Pedersen wrote:
On 27.12.22 13:04, John Stimson via users wrote:
>Thanks -- I found a mechanism that empties the list of headers used to
>determine the originating IP.  I added this line to my local.cf:
>
>clear_originating_ip_headers

I recommend checking:

trusted_networks
clear_trusted_networks

internal_networks
clear_internal_networks

these to be set up properly instead of just clear_originating_ip_headers
- you should still check them, as they give you opportunity to check 
proper

headers in DNS, not just in DNSWL.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...

Reply via email to