>> Since the beginning of this year, however, incoming (SMTP authenticated)
>> mail from clients outside the LAN is marked as spam.
>> E.g.
>> > X-Spam-Score: 10.756 (**********)
>>
BAYES_00,KAM_DMARC_REJECT,KAM_DMARC_STATUS,KAM_LOTSOFHASH,KHOP_HELO_FCRDNS,LOT
>>
S_OF_MONEY,PDS_RDNS_DYNAMIC_FP,RCVD_IN_PBL,RCVD_IN_ZEN_LASTEXTERNAL,RDNS_DYNAM
>> IC,SPF_FAIL,TO_EQ_FM_DOM_SPF_FAIL
On 23.01.23 16:05, Marc wrote:
>Don't you have more details? Looks to me you are on dns blacklists, your spf
is not good etc.
You have misunderstood the problem. Authenticated clients are those who
submit mail wia OP's server, so the SPF/DKIM/DMARC can't match as they match
when they go out of the OP's server.
Also, it's common for authenticated clients to send mail from dynamic IP
addresses, they don't leave the OP's server using dynamic IP anymore.
On 23.01.23 17:04, Marc wrote:
yes I got this, but it looks like the stage where the message is being
parsed to spamassassin, spamassassin uses the client ip. This is also the
problem with the rbl, the client ip is being parsed.
setting up trustpath
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TrustPath
and mailserver tagging authenticated mail properly help much
I think this was just always working like this, until more and more ip's
are listed on dns blacklist and now all of a sudden he passed the
threshold.
As you wrote, you can't have such checks on the email, only content can be
checked by spamassassin in this setup.
perhaps the mail wasn't authenticated or the client wasn't in trustpath?
Can you post the Received: headers?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.
