On Fri, 25 Feb 2011 09:59:44 +0100 "Stefan Jakobs" <ste...@localside.net> wrote:
> > Hi list, > > I received a message from a friend, fetched the message by using POP3 > and passed it to spamassassin. It marked the message as spam. > I know this is not the intended use of spamassassin, Actually it's fine to use SA this way. The problem is that SA can't work out that this particular mail is internal to web.de. The following header doesn't look like an authenticated submission, so SA thinks it's an external mail server > Received: from [78.55.199.104] by mwmweb019 with HTTP;... The canonical solution to this is to put all the wmwebXXX ip addresses in msa_networks, but you shouldn't include the MX servers, so you have to be careful about using address blocks. It's more difficult because all the addresses are private and you can't get them from dns lookups. If you don't get a lot of of local spam on web.de it might be easier to whitelist. Or write a rule that take 10 points or so off local webmail. Something like: header LOCAL_WEBMAIL X-Spam-Relays-Untrusted =~ /^[^\]]+ by=mwmweb/
