What is the optimal configuration (local.cf or other) for an ISP's MSAs to prevent unauthenticated dynamic-IP customers from triggering dynamic tests, but still benefiting from general filtering?
I was hoping for a magical 'mua_networks' option, which let me enumerate the IP space that my users submit from, and automatically exempt them from DOS_OE_TO_MX, etc., but I haven't been able to find anything like that. >From my reading of the .conf manpage, the TrustPath page, and the archives (see references below), I've tentatively concluded that I will need to have some local rule overrides on all of my MSAs for any rule or meta-rule that detects dynamic-looking hostnames ... but that seems high-maintenance locally as well as a lot of duplicated work for other SA users. Note also that my MTAs and MSAs are separate farms, so having separate local.cfs for each is 100% feasible. To point out the obvious: because my customers may be trojaned (or decided to become spammers), I cannot assume that they aren't forging headers - but I know that they are *supposed* to have hostnames that look dynamic. Also, for legacy reasons, lots of them are authenticated only by what IP space they're coming from (not SMTP AUTH, etc.) I'm a long-time user, first-time poster; any help would be much appreciated. I suspect that this is a well-solved issue, and I just failed to come up with the right Google search for it. Royce Williams References: http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html http://wiki.apache.org/spamassassin/TrustPath http://old.nabble.com/ALL_TRUSTED-and-DOS_OE_TO_MX-td15659736.html
