On Tue, 22 Nov 2016 05:48:29 +0000 (UTC) Pedro David Marco wrote: > Thanks Bill, > >. I don't know why some spammers do this sort of lame > >Received fakery, since it fingerprints their mail as spam, but it > >has been a fairly common practice for a long time. > But SA did not trigger any rule about the forgering...
SA doesn't punish unknown formats. This one might allow for a useful rule, but it depends on how often the same pattern is repeated. > and debug mode does not show any message about unparseable lines. It > seems just ignored, It is ignored. SA doesn't even try to parse a relay that starts with "by". It only logs a relay as unparseable if it fails to parse a relay that might be useful. This header does contain an IP address, but it's part of what the header is claiming to be a protocol name. > so the relay remains unchecked in RBLS. It's worth bearing in mind that a received header logs the IP address of the previous host, so the useful spammer IP address is recorded in the first header that's *not* written by a spammer. Checking made-up spammer headers does no harm, but it's not particularly important. Actually, most RBLs are configured as "last-external" so they only use the IP address recorded by your MX server.
