Daryl C. W. O'Shea wrote:
> On 08/12/2005 12:10 PM, Russ Ringer wrote:
> 
>> Even with TRUSTED_NETWORKS set, the RCVD_IN_SORBS_DUL rule is
>> triggered. I don't see how this is correct, when the IP address that
>> triggered it was not the last hop. This rule should only be triggered
>> when "sent directly from dynamic IP address"
> 
> 
> That's not what the rule is looking for (the last hop).
> 
> The rule will look up any hop that is NOT the FIRST hop.  Since the mail
> first passes through a proxy (the hop we don't check as long as there
> are other external hops) and then passes through another hop (that we do
> check) the rule is firing since that second hop is listed.
> 

Comment for correctness:

Technically, the "notfirsthop" is a misnomer, and a carryover from really old
versions of SpamAssassin. In really old versions, it really worked this way. SA
checked every IP except the first hop.

However, SA stopped doing that a long time ago. The implementation of this in SA
2.60 and higher is actually "first untrusted host delivering mail to a trusted
host". The "notfirsthop" name remains in the rules, but it's an artifact, and is
not really implemented this way.
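
The two selection rules described in this thread, compared on a constructed relay chain. This is an added example, not SpamAssassin code and not part of either message; the function names, addresses and trusted networks are assumptions, and relays are listed from origin to final delivery.

```python
import ipaddress

def is_trusted(ip, trusted_networks):
    """True if ip falls inside any of the configured trusted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in trusted_networks)

def every_hop_but_first(relays, trusted_networks):
    """Rule as described in the quoted reply: look up every external hop
    except the first one, unless it is the only external hop."""
    external = [ip for ip in relays if not is_trusted(ip, trusted_networks)]
    return external[1:] if len(external) > 1 else external

def first_untrusted_to_trusted(relays, trusted_networks):
    """Rule as described in the follow-up: look up only the untrusted host
    that handed the mail to a trusted host."""
    for ip in reversed(relays):  # walk back from final delivery
        if not is_trusted(ip, trusted_networks):
            return [ip]
    return []

# Constructed chain (documentation address ranges), origin first:
# proxy -> dynamic-IP host -> ISP relay -> local MX
RELAYS = ["198.51.100.7", "203.0.113.25", "192.0.2.10", "10.0.0.5"]

def compare(trusted_networks, relays=RELAYS):
    """Return the IPs each described rule would query against the DNSBL."""
    return {
        "every_hop_but_first": every_hop_but_first(relays, trusted_networks),
        "first_untrusted_to_trusted":
            first_untrusted_to_trusted(relays, trusted_networks),
    }

if __name__ == "__main__":
    # Only the local MX is trusted: the ISP relay counts as external.
    print(compare(["10.0.0.0/8"]))
    # ISP relay added to the trusted networks: the trust boundary moves
    # outward and the dynamic-IP host becomes the host delivering to it.
    print(compare(["10.0.0.0/8", "192.0.2.0/24"]))
```

With the ISP relay listed as trusted, both descriptions select the dynamic-IP host, which shows how the trusted networks setting determines which address a dynamic-IP list is asked about.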
