On Wed, 15 May 2013 08:24:24 +0200 Matus UHLAR - fantomas wrote: > On 14.05.13 20:55, Martin Gregorie wrote: > >As to the letting SA check the origination addresses, my setup looks > >like this: > > > >internal_networks 192.168.7/24 > > > >trusted_networks 192.168.7/24 > >trusted_networks IPs.of.my_ISP's.mail_servers > > >Your ISP's mail server(s) should included as part of your trusted > >network because they do not originate spam, though spam from, e.g. > >other users of the SAME ISP, may do so. By including the ISP's mail > >servers in trusted networks you're telling SA to examine the > >addresses one hop further out than them, which is what you want. > > Your ISP mail hosts should be in your internal_networks (not just > trusted_networks!), unless they are used for submission (SMTP > servers). This also applies for IPs of your POP3/IMAP servers, if > fetchmail (or getmail) pushes them into Received: line.
I was looking at the code and it appears that there is special handling for fetchmail, but not getmail. I've opened a bug about this because this handling probably should be made generic to all POP/IMAP retrieval. https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6935
