Hi, The IP address of a supplier is currently listed by Spamhaus SBL-CSS.
This is not directly causing me to reject their emails, because they are actually sending out through Mimecast. However, SpamAssassin is finding that IP in the headers as the Received line *before* Mimecast's, i.e. their listed host is the one handing off to Mimecast, who are connecting to my MX. How would I go about allowlisting this IP address against DNSBL hits? Ideally for a specified range of from addresses and/or envelope senders, but for every sender if necessary. I think I would be okay with exempting such an IP address from *all* negative DNSBL hits, at least temporarily. My first thought was "allowlist_from rcvd", but I do not think this will work as I think it only checks the first Received header outside of my internal_networks. The employees of the supplier send email with all manner of addresses and the supplier also hosts mailing lists that are open to the public so I cannot predict any from address for allowlisting purposes. I expect they will be delisted by the time I work this out, but it would be good to know for the future! Thanks, Andy