Hi Greg,

I looked at Received headers and unfortunately, Received headers added by our webmail are not standard ones. Except for the proxy.IP in the following example, all IPs and all FQDNs are from our servers. Here is the (ugly) example:

Received: from our.domain ([our.webmail.private.IP])
 by our.mtaout.our.domain (server version) with ESMTP
 id <0kfu00g0k3aai...@our.mtaout.our.domain>
 for recipi...@some.domain; Sun, 01 Mar 2009 16:34:59 +0100 (CET)
Received: from [our.webmail.public.IP] (Forwarded-For: proxy.IP)
 by our.webmail.our.domain (mshttpd); Sun, 01 Mar 2009 16:34:58 +0100
From: our user <our.u...@our.domain>
To: recipi...@some.domain

At least, header and envelope from and to addresses cannot be faked by using webmail.

Any idea how I can make SpamAssassin trigger DNSBL, DCC, Razor tests (or at least DCC, Razor tests) for proxy.IP?

Regards,
Giga

Greg Troxel wrote:
> I don't think these mails should be hitting ALL_TRUSTED. Your web
> server did not really originate them, but received them from some other
> host over a webmail submission protocol that is really just like SMTP
> submission in function. So I think the web server should be adding a
> Received: header to show that, and that would enable spamassassin to
> look up the previous hop list in RBLs.

-- 
View this message in context: http://www.nabble.com/Webmail-spammers-tp22273077p22279486.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
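
Added example, not part of the original message and not SpamAssassin code: a Python sketch that pulls the Forwarded-For address out of the webmail (mshttpd) hop shown above and builds the reversed-octet name a DNSBL lookup would use. The function names, the zone `dnsbl.example` and every address in the sample are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the header shape quoted in the message;
# hostnames and addresses are placeholders, not values from the thread.
SAMPLE = (
    "Received: from our.domain ([10.0.0.5]) by mtaout.example.org\n"
    " with ESMTP id <constructed@mtaout.example.org>;\n"
    " Sun, 01 Mar 2009 16:34:59 +0100 (CET)\n"
    "Received: from [198.51.100.7] (Forwarded-For: 203.0.113.45)\n"
    " by webmail.example.org (mshttpd); Sun, 01 Mar 2009 16:34:58 +0100\n"
    "From: user@example.org\n"
    "To: rcpt@example.net\n"
    "\n"
    "body\n"
)

FWD_RE = re.compile(r"\(Forwarded-For:\s*([^)]+)\)", re.I)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def forwarded_clients(raw_message):
    """Return IPv4 addresses claimed in Forwarded-For on mshttpd hops."""
    found = []
    for hop in message_from_string(raw_message).get_all("Received", []):
        hop = " ".join(hop.split())           # unfold continuation lines
        if "(mshttpd)" not in hop:            # only the webmail's own hop
            continue
        match = FWD_RE.search(hop)
        if not match:
            continue
        for token in match.group(1).split(","):   # tolerate proxy chains
            try:
                ip = ipaddress.ip_address(token.strip().strip("[]"))
            except ValueError:
                continue                      # "unknown" or malformed value
            # The value is only what the upstream proxy claimed; drop
            # addresses that can never appear on a public blocklist.
            if ip.version != 4 or ip.is_loopback:
                continue
            if any(ip in net for net in RFC1918):
                continue
            found.append(str(ip))
    return found


def dnsbl_query_name(ip, zone="dnsbl.example"):
    """Build the reversed-octet query name for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + "." + zone
```
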