giampaolo at tomassoni.biz
Tue Mar 8 10:31:45 CET 2011
From: "kfx" <manuel.bertrand at gmail.com>
> On 3/8/11 9:09 AM, Giampaolo Tomassoni wrote:
>>> Received: from famiglio
>>> [184.108.40.206]) (Authenticated sender: *******)
>>> by c0.edlui.it (Postfix) with ESMTPA id 2AF86472390
>>> for <amavis-users at amavis.org>; Mon, 7 Mar 2011 17:51:33 +0100 (CET)
>>> this adds to the score !
>> What? Why?!? Which SA rule does it trigger?
> RDNS_DYNAMIC on SA 3.2.5
> The default score is very low and I raised it, so no worry :)
Mmmh. You shure it is that Received: which raises the RDNS_DYNAMIC ?
The "last untrusted relay" is not the last in the Received: list, but
instead the first in the list outside of the "ring of trust" you defined in
SA (internal_networks, trusted_networks, possibly even msa_networks).
Here I guess you trusted de.postfix.org , so the problem may be this:
Received: from c0.edlui.it (host242-201-149-62.serverdedicati.aruba.it
[220.127.116.11]) by de.postfix.org (Postfix) with ESMTP
for <amavis-users at amavis.org>; Mon, 7 Mar 2011 17:22:10 +0100 (CET)
1) 18.104.22.168 is static;
2) I can't change its rDNS to make it match c0.edlui.it.
>> Running it on my SA I get some score from STOX_REPLY_TYPE and
>> STOX_REPLY_TYPE_WITHOUT_QUOTES, because I was so silly to reply to an
>> announcement message in the new list and there rewrite the message from
>> But that accounts for more or less 2.2 points (SA 3.3.1 with updated
>>> maybe the postfix at c0.edlui.it should remove this header (mainly for
>>> privacy reason,
>>> not only to make me continue to be lazy with my SA's config..)
>>> /^Received:.*Authenticated sender:.*/ IGNORE
>> There is no privacy concern in this:
> It may not be dramatic but this Received header gives the IP address of
> the user and so his location when he sent this email (my boss asked me to
> take it away...)
Well, right. But this is also a very useful information in order to detect a
spam source and not being tied with it. If you report a spam to SpamCop, in
example, and you have an account there which gives a bit of trust to your
mail server, the Received: you pointed out is the one SC uses to spot (and
possibly blacklist) the source. Otherwise, the source would instead be your
mail server, which is far worse!
> Received: from famiglio
> [22.214.171.124]) (Authenticated sender: *****)
> by c0.edlui.it (Postfix) with ESMTPA id 729A23A9162
> for<amavis-users at amavis.org>; Tue, 8 Mar 2011 09:09:22 +0100 (CET)
> But as Benny Pedersen said, if it breaks dkim it may not be a good idea.
> I really need to revamp my conf... :)
Also, I recall that someone in the SA user list (or users list? ;) ) was
firmly suggesting to upgrade existing 3.2.x installations to 3.3.x. Can't
remember why, sorry.
More information about the amavis-users