On 30 Aug 2018, at 15:56, Grant Taylor wrote: > On 08/30/2018 01:08 PM, Bill Cole wrote: >> If that MSA is requiring authentication (as it should) and recording that in >> the Received header (as it should) then as I understand it, the handoff of >> the message will not be considered for __RDNS_NONE. > > Okay. > > What happens if the MSA isn't using authentication and instead is configured > to blindly allow relaying from the local / internal / private LAN. As is / > was traditional for a long time for ISPs to allow relaying from their > (client) IP address space. (Granted, this is against best practices.) > > How would this type of scenario effect your statement above?
That will depend on how that particular MTA constructs its Received headers in relation to the parsing in Mail::SpamAssassin::Message::Metadata::Received, which is non-trivial to describe in human language. >> OK, but in that case the MTA would use an IP that should be in >> trusted_networks and have rDNS. > > Agreed. > >> The partner machine's IP should be in trusted_networks AND should have rDNS >> as an explicit technical requirement of the cooperation, which is entirely >> reasonable. > > Okay. > > > > -- > Grant. . . . > unix || die
signature.asc
Description: OpenPGP digital signature