pilot error? or idiots at microsoft?

Jo Rhett jrhett at netconsonance.com
Sat Aug 13 01:50:18 CEST 2011


On Aug 12, 2011, at 5:49 AM, Mark Martinec wrote:
> host/link/site-local IP addresses and private addresses are *not*
> routable outside their scope. You can't receive/establish a TCP
> session from such IP address from outside on your MX mailer.

I have no idea what networks you participate in, but my system is on a network where I can get RFC1918 addresses from as much as 8 hops away.  I absolutely don't trust those addresses.

> When analyzing a mail header (top to bottom), SpamAssassin
> breaks a trust chain on encountering a 'received from' carrying
> an IP address not in your trusted_networks. Anything beyond that
> does not matter, further Received trace header fields would
> not be trusted even if they carry an IP address matching the
> trusted_networks.


For path detection, fine -- but that shouldn't be applied in places used by rules which allow relay, allow no-av-check, etc.

-- 
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other randomness
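
A simplified model of the trust-chain walk described in the quoted text above, added here as an illustration; it is not SpamAssassin or amavis code and not from either poster. The header parsing, function names, sample trace and the two `trusted_networks` lists are constructed assumptions, chosen to show how a blanket RFC1918 entry extends trust to an unknown 10.x relay while a narrow entry breaks the chain there.

```python
import ipaddress
import re

# Matches the bracketed IPv4 literal in "from name (rdns [1.2.3.4])".
_FROM_IP = re.compile(r"\bfrom\s+\S+\s+\([^)]*\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ip(received):
    """Return the connecting relay's IP from one Received field, or None."""
    m = _FROM_IP.search(received)
    return ipaddress.ip_address(m.group(1)) if m else None

def walk_trust(received_fields, trusted_networks):
    """Walk Received fields top to bottom; return [(ip, trusted)] per hop.

    The chain breaks at the first relay IP outside trusted_networks (or an
    unparsable field); every later hop is untrusted even if its IP matches.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    result, chain_intact = [], True
    for field in received_fields:
        ip = relay_ip(field)
        if chain_intact and (ip is None or not any(ip in n for n in nets)):
            chain_intact = False
        result.append((str(ip) if ip else None, chain_intact))
    return result

# Constructed sample trace, newest hop first (192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges).
SAMPLE = [
    "from mx-in.example.net (mx-in.example.net [192.0.2.10]) by store.example.net; ...",
    "from unknown (unknown [10.20.30.40]) by mx-in.example.net; ...",
    "from relay.example.org (relay.example.org [198.51.100.7]) by unknown; ...",
    "from inner (inner [10.1.1.1]) by relay.example.org; ...",
]

BROAD = ["192.0.2.10/32", "10.0.0.0/8"]      # trusts any RFC1918 10.x peer
NARROW = ["192.0.2.10/32", "10.1.1.0/24"]    # only relays actually operated

if __name__ == "__main__":
    for name, nets in (("broad", BROAD), ("narrow", NARROW)):
        print(name, walk_trust(SAMPLE, nets))
```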


