On Fri, 31 Aug 2018, John Hardin wrote:
On Fri, 31 Aug 2018, Matus UHLAR - fantomas wrote:
On Thu, 30 Aug 2018, Matus UHLAR - fantomas wrote:
That further causes hitting HDR_ORDER_FTSDMCXX_DIRECT and
HDR_ORDER_FTSDMCXX_NORDNS in cases where client uses the mail client on
local network, without SMTP authentication, and without DNS (which may be
quite common in some organizations).
On 30.08.18 16:57, John Hardin wrote:
Are you experiencing this yourself, so that you can do some testing?
Yes.
Thanks!
If you do have a repro env, can you check whether that internal network is
listed as such in the SA config?
Would you be willing to do this and report whether it hits on those
messages?
header ANY_EXTERNAL_RELAY ALL-EXTERNAL =~ /\S/
score ANY_EXTERNAL_RELAY 0.001
I have tested: ANY_EXTERNAL_RELAY appears when the client's IP is in
trusted_networks, it does not when it's in internal_networks.
It shouldn't have anything to do with trusted_networks, it's intended to
check whether or not all the participating IPs are in internal_networks.
There's currently no rule for doing that.
__ANY_EXTERNAL hits 99.9% of spam and 97.6% of ham. I'd suggest that
masscheckers might want to see if they can add ham from internal users to
other internal users, especially if it looks spammy were it to be received
from an external source.
Filtering on "has an external relay" might be preferable to filtering on
!ALL_TRUSTED since "trust" doesn't say anything about rDNS or it being a
MUA.
None of the masscheck corpora that hit __HDR_ORDER_FTSDMCXXXX also hit
ALL_TRUSTED (or at least the portion is so small it falls off the bottom
of the report) so I don't feel too worried about adding either
!ALL_TRUSTED or __ANY_EXTERNAL (or potentially both) as exclusions.
I'm adding __ANY_EXTERNAL now...
Comments solicited.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
At $8 billion per year, the TSA is the most expensive
theatrical production in history. -- David Burge @iowahawkblog
-----------------------------------------------------------------------
519 days since the first commercial re-flight of an orbital booster (SpaceX)
