Alex skrev den 2024-04-24 15:45:
I'm using SA 4.0.1 and amavisd with postfix. I've identified a few
bounce messages in the quarantine because they weren't identified
properly. Here's one:
https://pastebin.com/RMNkcyhF
1.3 RDNS_NONE Delivered to internal network by a host
with no rDNS
This is apparently related to this:
Received: from gambit.example.com ([130.250.178.199])
by localhost (iceman.example.com [127.0.0.1]) (amavis, port 10024)
with ESMTP id D5Mo318nYFrZ; Wed, 24 Apr 2024 08:17:07 -0400 (EDT)
Alex:
Is gambit.example.com ([130.250.178.199]) your server?
If so, it should be in trusted_networks and internal_networks
Also, why don't you resolve DNS?
That IP has valid fcrdns name gambit.guardiandigital.com.
For example, it matches on
* 3.1 URI_IMG_CWINDOWSNET Non-MSFT image hosted by Microsoft Azure
infra, possible phishing
On 24.04.24 18:27, Benny Pedersen wrote:
this is not in spamassassin core rules
I _can_ see this in 4.0 rules
* 2.6 HOSTED_IMG_DIRECT_MX Image hosted at large ecomm, CDN or
hosting
* site, message direct-to-mx
also not in default rule sets
also this one.
Perhaps Benny uses older SA?
It also matches on ANY_BOUNCE_MESSAGE and BOUNCE_MESSAGE. Should metas
be created to avoid adding the above scores?
What more can be done to improve deliverability of these messages?
Perhaps this is something postfix can identify and bypass scanning?
BOUNCE_MESSAGE requires setting up welcomelist_bounce_relays, which defines
servers who send your e-mail - thus you know bounces from those hosts are
legitimate. the original message opriginated from mailgun, perhaps you need
to add its servers.
it matches bounces since its a bounce, alt that is seen as a results
of forwarding emails
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...
