Hello.
I've got a long standing server, where I run FreeBSD (13.1) + sendmail
(8.17.1) + MIMEDefang (2.84) + SpamAssassin (3.4.6).
(I know there are more recent versions, but that's what ports currently
provide).
This has been working perfectly for years.
Since the beginning of this year, however, incoming (SMTP authenticated)
mail from clients outside the LAN is marked as spam.
E.g.
X-Spam-Score: 10.756 (**********)
BAYES_00,KAM_DMARC_REJECT,KAM_DMARC_STATUS,KAM_LOTSOFHASH,KHOP_HELO_FCRDNS,LOTS_OF_MONEY,PDS_RDNS_DYNAMIC_FP,RCVD_IN_PBL,RCVD_IN_ZEN_LASTEXTERNAL,RDNS_DYNAMIC,SPF_FAIL,TO_EQ_FM_DOM_SPF_FAIL
Right now I instructed MIMEDefang to avoid passing authenticated mails
to SpamAssassin, but this is not what I ideally want. (If a client gets
compromised...).
My real wish would be to always run messages through SpamAssassin, but
avoid RBL/SPF/DMARC/dynamic IPs/etc... checks for those that come from
an authenticated client, as these rules make no sense in that case.
What's the best practice to achieve this result?
bye & Thanks
av.
