Hi,

The IP address of a supplier is currently listed by Spamhaus
SBL-CSS.

This is not directly causing me to reject their emails,
because they are actually sending out through Mimecast. However,
SpamAssassin is finding that IP in the headers as the Received line
*before* Mimecast's, i.e. their listed host is the one handing off
to Mimecast, who are connecting to my MX.

How would I go about allowlisting this IP address against DNSBL
hits? Ideally for a specified range of from addresses and/or
envelope senders, but for every sender if necessary. I think I would
be okay with exempting such an IP address from *all* negative DNSBL
hits, at least temporarily.

My first thought was "allowlist_from rcvd", but I do not think this
will work as I think it only checks the first Received header
outside of my internal_networks.

The employees of the supplier send email with all manner of
addresses and the supplier also hosts mailing lists that are open to
the public so I cannot predict any from address for allowlisting
purposes.

I expect they will be delisted by the time I work this out, but it
would be good to know for the future!

Thanks,
Andy

Reply via email to