Jo Rhett wrote:
On Apr 23, 2008, at 3:27 PM, Matt Kettler wrote:
How and why? Are you saying I *must* have a 2nd-level MX host for
SA to work? That's not my experience, and 2-layer relays are
backscatter sources. Milter from the local MTA works just fine.
No, you don't need a second-level MX. However, to work properly, SA
must trust everything up to an including your MX, and all your
trusted mailservers need to generate Received: headers that SA can
then make sense of.
I'm not repeating for the 5th time that there are no trusted
mailservers. Only this host.
That's a contradiction, because "this host" is a mailserver. Clearly you
have a trusted mailserver.
However, in the interest of moving the discussion forward, you have
exactly one trusted mailserver, your MX, which is perfectly valid.
The question lies in why does the AWL seem to be confusing forged email
with your own email. That's generally quite critically dependent on the
trust path.
Have you tried running one of the forged messages, and an actual
legitimate message through SA manually with the -D flag to see what the
trusted and untrusted hosts are, as SA sees it?
