On Mon, 10 Oct 2011 13:14:21 +0200 (CEST), Tomas Macek wrote:
On Mon, 10 Oct 2011, Benny Pedersen wrote:
On Mon, 10 Oct 2011 12:19:56 +0200 (CEST), Tomas Macek wrote:
I suggest something like this:
trusted_networks 213.x.x.x/y # all our public ip addresses range
internal_networks 213.0.0.5 # let's say that's our mailserver's IP
the above should only list all the mailserver(s) you have as isp,
not custommers ips in network, same with trusted_network
OK, this should be good:
trusted_networks 213.0.0.5 213.0.0.10 # primary mx IP and backup mx
IP
internal_networks 213.0.0.5 # only the IP of primary mx
Right?
backup is imho also internal, only ecception is if its another isp
if you forward mails in clusters add cluster ips as
trusted_networks, not internal_network
But I think, that almost everone is sometimes infected and sends
spam... So I'm confused howto setup my system.
verify with above change
spamassassin -t msg | less
your clients still use sasl auth even from isp ip ranges ?, thats
the correct way to solve most problems, but are unrelated to the error
you see, here i use amavisd-new and have seperate policy banks for
submision and smtpd incomming mails, smtpd is never originating mails
here, submission reject non sasl authed clients
I know, that smtp auth often solves many problems, but today I cannot
force all our clients to use it. So that means, that someone uses it,
but mostly not.
i remember clients problems can be isps problems understanding as well
:=)
what kind of problems remain to be solved if sasl auth is only way to
send mail ?
what logs say ?
hope that helps, if not post sample on pastebin, and just mangle
sender donain with example.org
But there is still the question what bad happened when DOS_OE_TO_MX
matched the message?
yes, check if msg is with ALL_TRUSTED test or not
The client sent the mail from internal network 213.x.x.x/y from his
public static IP through our mailserver into some mailbox hosted on
our mailserver. I think I must have some misconfiguration in
spamassassin...
if ALL_TRUSTED agree its sure a bug, but imho its not scoring 5.0 ?
