Marc,

> I was wondering what amavisd-new does exactly to ensure Received
> header sanity.

Not much. Sanity != trustworthiness, there isn't much value in checking sanity when data cannot be trusted, so it shouldn't be used for any important decision - and it isn't.

> For example if I look at my logs I see
> " Passed SPAM, [80.92.69.56] [77.87.224.34] "
> The first IP is the one delivering to my MX, so it can be trusted. The
> second IP is the IP from the first host (i.e. last Received: header)
> in the mail.

The first IP address in the log (%a) is the one that can be trusted. It is the information provided by Postfix about the smtp client's IP address. The second IP address (macro %e) is the first public address (bottom-up) that can be parsed from a received trace. It is logged for purely informational purposes, and has no value beyond that - just saves you manually inspecting the header every once in a while.

> Obviously the IP 77.87.224.34 is a fake since the "from" line in the
> upper header has nothing to do with the " by" line in the lower
> header. (I would have liked to see [217.95.30.242] as the second log
> entry, or simply an empty entry if it was not sure.)

It can never be certain, one way or another. The information is coming from an untrusted source, anything beyond the topmost Received header can be a fake.

> If I feed such mails to spamcop they recognize the fraud, but I guess
> amavis (still?) doesn't.

Amavisd never uses the %e address for any decision.

Mark

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
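
The bottom-up scan described above for %e, as an added Python sketch (not part of the original message and not amavisd-new's own code). The header contents, hostnames and function name are constructed for illustration; only the three public IP addresses come from the thread. It shows why the value is informational only: appending sender-written Received lines changes the result while the MTA-reported client address stays the same.

```python
import ipaddress
import re
from email import message_from_string

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def first_public_ip_bottom_up(raw_message):
    """First public IPv4 found scanning Received headers oldest-first, or None.

    Everything below the topmost Received header is written by the sender,
    so the result is informational only and must not drive a decision.
    """
    received = message_from_string(raw_message).get_all("Received") or []
    for header in reversed(received):          # get_all() is top-down
        for candidate in IPV4_IN_BRACKETS.findall(header):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:                 # e.g. [999.1.1.1]
                continue
            if addr.is_global:                 # skips RFC 1918, loopback, ...
                return str(addr)
    return None


# Constructed sample headers; only the IP addresses come from the thread.
TOP = ("Received: from relay.example.net (relay.example.net [80.92.69.56])\n"
       "\tby mx.example.org (Postfix) with ESMTP; Tue, 1 Jan 2008 00:00:00 +0000\n")
MIDDLE = ("Received: from [217.95.30.242] by relay.example.net;"
          " Tue, 1 Jan 2008 00:00:00 +0000\n")
FORGED = ("Received: from mail.example.com ([77.87.224.34]) by mx.example.com;"
          " Tue, 1 Jan 2008 00:00:00 +0000\n")
INTERNAL = "Received: from [10.0.0.5] by mail.example.com; Tue, 1 Jan 2008 00:00:00 +0000\n"
BODY = "Subject: test\n\nbody\n"

if __name__ == "__main__":
    client_ip = "80.92.69.56"   # what the MTA reports for the SMTP peer (%a)
    for name, msg in [("as relayed", TOP + MIDDLE + BODY),
                      ("with forged trace", TOP + MIDDLE + FORGED + INTERNAL + BODY)]:
        print(f"{name}: [{client_ip}] [{first_public_ip_bottom_up(msg)}]")
```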