Re: Messages from outer clients marked as spam

Wed, 25 Jan 2023 23:24:12 -0800 

On 1/25/23 12:37, Matus UHLAR - fantomas wrote:

just the headers should be enough.
You can also post headers on site like pastebin.


On 25.01.23 15:34, Andrea Venturoli wrote:

Trying again, with fewer details...

Looking at a quarantined message, the only received header is (anonymized):



Received: from [192.168.xxx.xxx] (xxx-xxx-xxx-xxx.dyn.eolo.it [xxx.xxx.xxx.xxx])
       (authenticated bits=0)
       by xxxxxx.xxxxxxxxxxxxxxxxxxxxx.xx (8.17.1/8.17.1) with ESMTPSA id 
30G71OZ7043441
       (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO)
       for <xxxxxx.x...@xxxxxxxxxxxxxxxxxxxxx.xx>; Mon, 16 Jan 2023 08:01:24 
+0100 (CET)
       (envelope-from xxxxxxxx.xxxx...@xxxxxxxxxxxxxxxxxxxxx.xx)


Running this message through "spamassassin -D -t", I get:



dbg: received-header: parsed as [ ip=xxx.xxx.xxx.xxx 
rdns=xxx-xxx-xxx-xxx.dyn.eolo.it helo=!192.168.xxx.xxx! 
by=xxxxxx.xxxxxxxxxxxxxxxxxxxxx.xx ident= 
envfrom=xxxxxxxx.xxxx...@xxxxxxxxxxxxxxxxxxxxx.it intl=0 >
dbg: received-header: authentication method ESMTPSA
dbg: received-header: relay xxx.xxx.xxx.xxx trusted? yes internal? yes msa? no



So, I'm tempted to conclude that I don't need to mess with 
internal_networks, msa_networks, and trusted_networks,



Not here, because the "with ESMTPSA" means that mail was received encrypted 
("S"ecure) and "A"utenticated. Configuring trusted_networks for mail 
submission is for clients submitting mail without authentication (which was 
very common >10 years ago and still persists somewhere).



or call synthesize_received_header in MIMEDefang.



With milter, you need to synthetize Received: header, because milter does 
see the mail as it came to your MTA, without the locally added Received: 
header.



Also, strangely, running through the command line, this give a score 
close to 0 now.



I guess it's just because of this Received: header that wasn't seen when 
mimedefang processed the mail.



We also have the ALL_TRUSTED rule which


Alas, for some reason, this does not seem to trigger :(


Perhaps there are other Received: headers in the e-mail?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer






















					Reply via email to