On 11/3/2011 9:59 AM, Schorny wrote: > > Kelson Vibber-2 wrote: >> A matter of perspective: You don't need to tell SA to ignore the last >> header, you need to tell it NOT to ignore the second one. Generally >> speaking, SA checks blacklists against the first hop outside your internal >> network. It sounds like your local SA has decided that >> mailserver.provider.com is trusted, so instead of starting there, it's >> starting at the next one out. (And yes, that last Received: header should >> be there.) >> >> I agree with Matus UHLAR's advice: check the trust path settings. >> > Hi. > > Thank you. This sounds very good, but there are no trusted_networks > configured. We only trust 127.0.0.1 and that is implicit. Therefore there is > no trusted_networks line in our local.cf or any other .cf File. > There are also no internal_networks lines.
If you do not specify trusted_networks, then SA will take a guess. In general, SA will treat the first non-internal IP address as your mailserver and consider it trusted. For best results, you should always specify trusted_networks in your config. > Can you give me any other pointers where I can look or steps I can take get > more information what goes wrong? > > We use Spamassasin as Part of an amavisd-new installation. > > > @Darxus: > The following rules are hitting: > RCVD_IN_CBL, RCVD_IN_SBL_XBL, RCVD_IN_SORBS > Which are IIRC all Spamlists we are checking. > > When I check manually, the user's IP is indeed listed there. The user's > mailprovider's mailserver is of course not listed there. Dynamic IP addresses are commonly listed in blacklists. The issue is that SA shouldn't be checking that IP address against the blacklists in the first place. Fix your trusted_networks and the problem should go away. -- Bowie
