Versions Compared

Old Version 29

changes.mady.by.user ASF Infrabot

Saved on

compared with

New Version 30

changes.mady.by.user ASF Infrabot

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Adding X-Spam-RelaysUntrusted header for testing

...

  • ALL_TRUSTED matching spam email from the outside or other untrusted mail.
  • Dialup/Dynamic IP RBLs misfiring for properly relayed mail.
  • Dialup/Dynamic IP RBLs not catching direct-delivered mail.
  • whitelist_from_rcvd fails to match.
  • SPF tests misfiring (failing when they should pass and vice versa).
  • False positives on non-spam mail coming from "dynamic" or "dialup" addresses in your own network.
  • AutoWhitelist mismatches on forged mail due to confusion about the source IP.

Your trust path can be tested by adding the following to your SpamAssassin config:

No Format

add_header all RelaysUntrusted _RELAYSUNTRUSTED_

Wiki Markup
This will add headers similar to "{{X-Spam-RelaysUntrusted: \[ip=140.211.11.3 rdns=hermes.apache.org....}}".  The first IP address is the IP which will be used for network tests like RBLs and SPF.

If you see these warning signs frequently, you probably need to manually configure trusted_networks. See the Mail::Spamassassin::Conf manpage for details. Generally you want trusted_networks set to contain all the mailservers you control that add Received: headers, and nothing else. For proper operation of DUL and SPF tests on authenticated mail submission from dynamic/"dialup" hosts, see DynablockIssues.

...