Hi Henrik I tried that - didn't make a difference.
In debug mode, it certainly made the IP address show up against X-Spam-Relays-External - but no RBL lookups against it occurred? That conflicts with the man page: "These IP addresses are virtually appended into the Received: chain, so they are used in RBL checks where appropriate." If I change the last Received header to contain that IP address, I get a totally different score than when I rely on originating_ip_headers. I think the problem is these other headers are added to the *end* of the X-Spam-Relays* variables instead of the beginning? i.e. with just relying on originating_ip_headers I see 41.184.112.222 as: Jan 6 21:59:33.671 [13958] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=178.33.48.155 rdns=s3.wirtualne.net helo=s3.wirtualne.net by=dytn-smtp2.trimble.com ident= envfrom=s...@s3.wirtualne.net intl=0 id= auth= msa=0 ] [ ip=41.184.112.222 rdns= helo= by= ident= envfrom= intl=0 id= auth= msa=0 ] whereas when 41.184.112.222 is the last Received header, I see: Jan 6 21:56:35.901 [13397] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=41.184.112.222 rdns=bosmailout05.eigbox.net helo=bosmailout05.eigbox.net by=dytn-smtp2.trimble.com ident= envfrom= intl=0 id= auth= msa=0 ] [ ip=10.20.15.5 rdns=bosmailscan05.eigbox.net helo=bosmailscan05.eigbox.net by=bosmailout05.eigbox.net ident= envfrom= intl=0 id=1Rj14Z-0006Lz-Bx auth= msa=0 ] [ ip=10.20.55.1 rdns=bosimpout01.eigbox.net helo=bosimpout01.eigbox.net by=bosmailscan05.eigbox.net ident= envfrom= intl=0 id=1Rj14Y-0006gn-Tg auth= msa=0 ] [ ip=10.20.12.10 rdns= helo=boscgi4605.eigbox.net by=bosimpout01.eigbox.net ident= envfrom= intl=0 id=J46X1i0050D0PFN0146XHy auth= msa=0 ] [ ip=41.184.112.222 rdns= helo= by= ident= envfrom= intl=0 id= auth= msa=0 ] This is SA 3.3.2 -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
