Andrew Doughety wrote:Hi, We are trying to perform DNSBL checks on incoming mail and we are not seeing any actual DNS queries. When looking at the code it seems that the information on which IP(s) to check is obtained from X-Originating and X-Apparently-From headers.No, SA should be checking the IPs from the Received: headers. However, make sure your trust path is working correctly. If you ever see spam matching ALL_TRUSTED, then that email is going to be exempt from DNSBL tests. 9 times out of 10, this is the trust-path guesser being confused by a NAT config. See the wiki on how to fix this: http://wiki.apache.org/spamassassin/TrustPath
Restricting the trusted path fixed the problem. Thanks!
