[prev in list] [next in list] [prev in thread] [next in thread] 

List:       spamassassin-users
Subject:    Re: only use last received header
From:       Adam Denenberg <adam () sa ! dberg ! org>
Date:       2004-04-30 3:09:08
Message-ID: BF363409-9A53-11D8-803F-003065B11AE8 () sa ! dberg ! org
[Download RAW message or body]

so do you recommend using num_check_received to 1, or setting 
trusted_networks to my mailservers internal ip range ?

adam

On Apr 29, 2004, at 10:58 PM, Matt Kettler wrote:

> At 09:58 PM 4/29/04 -0400, Adam Denenberg wrote:
>
>> is there a way to only check RBL's the way, say, RBLSMTPD does for 
>> qmail, in that it will only check against the ip address that 
>> delivered the mail.  I.E., the last hop before the SA mailserver 
>> receives it?
>>
>>  I am having some issues where recieved headers in the middle of the 
>> message are triggering RBL's to be set off.
>
> You can restrict SA to checking the last received: header only by 
> using:
>         num_check_received 1
>
> However, if the problem RBLs are dialup-list type RBLs (ie: 
> dynablock), you're probably suffering from the "over-trust" problem. 
> You can fix that one by forcing a trusted_networks setting to contain 
> _only_ your mailserver. Basicaly SA checks every IP that drops mail 
> off to a "trusted" host against dialup lists. If SA gets confused in 
> it's automatic decisions and trusts an ISP's mailserver, it can wind 
> up false-firing on legitimate dialup mail.
>
>         trusted_networks 192.168.1.1/32

[prev in list] [next in list] [prev in thread] [next in thread]