> > >> Since the beginning of this year, however, incoming (SMTP authenticated) > >> mail from clients outside the LAN is marked as spam. > >> E.g. > >> > X-Spam-Score: 10.756 (**********) > >> > BAYES_00,KAM_DMARC_REJECT,KAM_DMARC_STATUS,KAM_LOTSOFHASH,KHOP_HELO_FCRDNS,LOT > >> > S_OF_MONEY,PDS_RDNS_DYNAMIC_FP,RCVD_IN_PBL,RCVD_IN_ZEN_LASTEXTERNAL,RDNS_DYNAM > >> IC,SPF_FAIL,TO_EQ_FM_DOM_SPF_FAIL > > On 23.01.23 16:05, Marc wrote: > >Don't you have more details? Looks to me you are on dns blacklists, your spf > is not good etc. > > You have misunderstood the problem. Authenticated clients are those who > submit mail wia OP's server, so the SPF/DKIM/DMARC can't match as they match > when they go out of the OP's server. > > Also, it's common for authenticated clients to send mail from dynamic IP > addresses, they don't leave the OP's server using dynamic IP anymore.
yes I got this, but it looks like the stage where the message is being parsed to spamassassin, spamassassin uses the client ip. This is also the problem with the rbl, the client ip is being parsed. I think this was just always working like this, until more and more ip's are listed on dns blacklist and now all of a sudden he passed the threshold. As you wrote, you can't have such checks on the email, only content can be checked by spamassassin in this setup.
