On 1/26/23 08:51, Andrea Venturoli wrote:
On 1/26/23 08:23, Matus UHLAR - fantomas wrote:So, I'm tempted to conclude that I don't need to mess with internal_networks, msa_networks, and trusted_networks,Not hereOk.clients submitting mail without authentication (which was very common >10 years ago and still persists somewhere).Dreadful :)or call synthesize_received_header in MIMEDefang.With milter, you need to synthetize Received: header, because milter does see the mail as it came to your MTA, without the locally added Received: header.So, this is possibly the problem. I'll investigate. (I'll also need to upgrade/patch MIMEDefang before I can use this. Thanks Giovanni for pointig this out! I guess this will save me a lot of would be wasted time).I guess it's just because of this Received: header that wasn't seen when mimedefang processed the mail.Hmm, then how could spamassassin possibly apply PDS_RDNS_DYNAMIC_FP,RCVD_IN_PBL,RCVD_IN_ZEN_LASTEXTERNAL,RDNS_DYNAMIC,... rules? Where does it get the source IP from? I only see it there and in an X-Authentication-Warning header (but I guess MIMEDefang would also not see this one).
MIMEDefang 2.84 will syntetize an header like: by $hostname (envelope-sender $Sender) (MIMEDefang) with ESMTP id $MessageID" even for authenticated emails while MIMEDefang 2.85+ will inject ESMTPA header for authenticated emails. This will change which SpamAssassin rules are triggered. Giovanni
Perhaps there are other Received: headers in the e-mail?Absolutely not. There's only the one I posted. bye & Thanks av.
OpenPGP_signature
Description: OpenPGP digital signature