Hi,

I have followed the discussion about -notfirsthop vs -lastexternal. It is generally agreed that mail originating right from a mail server is considered good, and that mail sent from any ip via a mail server is considered good as well, if the path to the mail server was authenticated. It is also generally agreed that mail not matching these criteria (sent straight from a client machine, or relayed through a server that does not auth) is considered suspicious (and earns some points in SA).

Now, in real life, there are probably many office-type systems where mail originates from a private ip, goes to a local mail server without authentication (after all, it is their localnet), then their local server sends - via an auth'd path - to a regular mailserver. So I would suggest that a first hop from a private ip should be ignored when classifying relays.

Likewise, a first auth'd hop from a public ip, then travelling through private ip space, finally to smarthost, looks like a valid roaming user sending through the company facilities.

On the other side, if mail is received from a public ip without auth, and then travels through private ip space, one would assume that the first station probably is an open relay.

Wolfgang Hamann
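
The classification rules proposed in the message above, written out as an added Python example; it is not part of the original message and is not SpamAssassin code. The `Hop` record, the `classify` function, the verdict strings and the sample addresses are assumptions made for illustration, and an empty hop list is assumed to mean the mail was generated on the mail server itself.

```python
import ipaddress
from typing import List, NamedTuple

# RFC 1918 ranges only. ipaddress.is_private is not used because it also
# matches the documentation ranges used as "public" sample addresses below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class Hop(NamedTuple):
    ip: str     # address the message was handed over from
    auth: bool  # True if that handoff was authenticated


def is_private(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def classify(hops: List[Hop]) -> str:
    """Classify a relay path; hops are ordered with the origin first."""
    # Proposed rule: a first hop from a private IP is ignored.
    if hops and is_private(hops[0].ip):
        hops = hops[1:]
    if not hops:
        return "good"  # originated on the mail server (or only on its localnet)
    first, later = hops[0], hops[1:]
    if first.auth:
        return "good"  # authenticated submission, e.g. a roaming user
    # Unauthenticated public first hop that then crosses private space.
    if any(is_private(h.ip) for h in later):
        return "suspicious: probable open relay"
    return "suspicious"


# Constructed sample paths, one per case described in the message.
SAMPLES = {
    "office localnet": [Hop("192.168.1.20", False), Hop("203.0.113.10", True)],
    "roaming user": [Hop("198.51.100.7", True), Hop("10.0.0.2", False),
                     Hop("10.0.0.3", False)],
    "open relay": [Hop("198.51.100.7", False), Hop("10.0.0.2", False)],
    "direct client": [Hop("198.51.100.7", False)],
}

if __name__ == "__main__":
    for name, path in SAMPLES.items():
        print(f"{name}: {classify(path)}")
```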