On 19 Apr 2021, at 11:30, Matus UHLAR - fantomas wrote:
I understand this as:
if mail was received by internal relay unauthenticated, it's
external,
On 19.04.21 12:49, Bill Cole wrote:
I cannot make SA behave that way.
On 19 Apr 2021, at 13:03, Matus UHLAR - fantomas wrote:
why not?
On 19.04.21 13:20, Bill Cole wrote:
When I provide SA with a message that has stepped through 2 internal
machines with no authentication, SA *DOES NOT* insert any information
about the relay host in X-Spam-Relays-External.
OK, this how I understand it:
__LAST_EXTERNAL_RELAY_NO_AUTH
- message received from external (by internal) network unauthenticated
- incoming message
- check SPF/DKIM/DMARC
!__LAST_EXTERNAL_RELAY_NO_AUTH
- message received from external (by internal) network authenticated
- locally generated/outgoing message
- don't check SPF/DKIM/DMARC, may DKIM-sign
e.g., these received headers:
Return-Path: <r...@skinnyclam.scconsult.com>
Received: from skinnyclam.scconsult.com (skinnyclam.scconsult.com
[192.168.254.125])
by toaster.scconsult.com (Postfix) with ESMTP id
4FP7Tb0wWWz5q7dl
for <b...@scconsult.com>; Mon, 19 Apr 2021 09:49:23 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
by skinnyclam.scconsult.com (Postfix) with ESMTP id D74214C88329
for <b...@scconsult.com>; Mon, 19 Apr 2021 09:49:22 -0400 (EDT)
Results in these RELAYS* assignments:
Apr 19 12:38:23.932 [14599] dbg: check: tagrun - tag RELAYSTRUSTED is
now ready, value: [ ip=192.168.254.125 rdns=skinnyclam.scconsult.com
helo=skinnyclam.scconsult.com by=bigsky.scconsult.com ident=
envfrom=r...@skinnyclam.scconsult.com intl=1 id=4FP7Tb0wWWz5q7dl auth=
msa=0 ] [ ip=127.0.0.1 rdns=localhost helo=localhost
by=skinnyclam.scconsult.com ident=
envfrom=r...@skinnyclam.scconsult.com intl=1 id=D74214C88329 auth=
msa=0 ]
Apr 19 12:38:23.932 [14599] dbg: check: tagrun - tag RELAYSUNTRUSTED
is now ready, value:
Apr 19 12:38:23.932 [14599] dbg: check: tagrun - tag RELAYSINTERNAL
is now ready, value: [ ip=192.168.254.125
rdns=skinnyclam.scconsult.com helo=skinnyclam.scconsult.com
by=bigsky.scconsult.com ident= envfrom=r...@skinnyclam.scconsult.com
intl=1 id=4FP7Tb0wWWz5q7dl auth= msa=0 ] [ ip=127.0.0.1 rdns=localhost
helo=localhost by=skinnyclam.scconsult.com ident=
envfrom=r...@skinnyclam.scconsult.com intl=1 id=D74214C88329 auth=
msa=0 ]
Apr 19 12:38:23.932 [14599] dbg: check: tagrun - tag RELAYSEXTERNAL
is now ready, value:
this should be the correct case above - this is mail created in your
network, you chould not check, but sign it instead.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler
