...
- ALL_TRUSTED matching spam email from the outside or other untrusted mail.
- Dialup/Dynamic IP RBLs misfiring for properly relayed mail.
- Dialup/Dynamic IP RBLs not catching direct-delivered mail.
- whitelist_from_rcvd fails to match.
- SPF tests misfiring (failing when they should pass and vice versa).
- False positives on non-spam mail coming from "dynamic" or "dialup" addresses in your own network.
- AutoWhitelist mismatches on forged mail due to confusion about the source IP.
Your trust path can be tested by adding the following to your SpamAssassin config:
No Format |
---|
add_header all RelaysUntrusted _RELAYSUNTRUSTED_
|
Wiki Markup |
---|
This will add headers similar to "{{X-Spam-RelaysUntrusted: \[ip=140.211.11.3 rdns=hermes.apache.org....}}". The first IP address is the IP which will be used for network tests like RBLs and SPF. |
If you see these warning signs frequently, you probably need to manually configure trusted_networks. See the Mail::Spamassassin::Conf manpage for details. Generally you want trusted_networks set to contain all the mailservers you control that add Received: headers, and nothing else. For proper operation of DUL and SPF tests on authenticated mail submission from dynamic/"dialup" hosts, see DynablockIssues.
...