Raimar Sandner wrote:
Hi!
SpamAssassin version 3.1.3 is reporting a false positive if the
sender (gmx address) has a dialup connection and the recepiant (also
gmx address) uses fetchmail to pull the message from pop.gmx.net
(see example below). The HELO_DYNAMIC rules apply because mail.gmx.net
does not add authentication tokens to the recieved header, and because
mail.gmx.net does not relay the message.
Is there a way to tell SA that I'm positive about mail.gmx.net to
only allow authenticated connections, similar to trusted_networks?
Adding mail.gmx.net to trusted_networks does not help.
Removing mail.gmx.net from your trusted networks will work. Of course
you can only do that if both 213.165.64.21 and 213.165.64.20 don't
appear in mail relayed via your (or gmx.net's) MXes.
Daryl
