giga328 <giga...@hotmail.com> writes: > I looked at Received headers and unfortunately, Received headers added by > our webmail are not standard ones. Except for the proxy.IP in the following > example, all IPs and all FQDNs are from our servers. Here is the (ugly) > example: > > Received: from our.domain ([our.webmail.private.IP]) > by our.mtaout.our.domain (server version) with ESMTP id > <0kfu00g0k3aai...@our.mtaout.our.domain> for > recipi...@some.domain; Sun, 01 Mar 2009 16:34:59 +0100 (CET) > Received: from [our.webmail.public.IP] (Forwarded-For: proxy.IP) > by our.webmail.our.domain (mshttpd); Sun, 01 Mar 2009 16:34:58 +0100 > From: our user <our.u...@our.domain> > To: recipi...@some.domain > > At least, header and envelope from and to addresses can not be faked by > using webmail. > > Any idea how can I make SpamAssassin to trigger DNSBL, DCC, Razor tests (or > at least DCC, Razor tests) for proxy.IP?
Well, two simple ideas: 1) Fix your webmail code to put in regular received: lines, with an authenticated sender tag, just like e.g. if it had some in tls/sasl to postfix or sendmail 2) Write some perl code in spamassassin to recognize that webmail header. I think option 1 is a better outcome, and probably easier, assuming you have source for your webmail setup.
pgphHvhyxHrhI.pgp
Description: PGP signature
