Hi everyone,
Paul Boven wrote:
One of my users just spotted a FN that had managed to slip trough.
They're abusing 70_sare_whitelist.cf, specifically:
whitelist_from_rcvd [EMAIL PROTECTED] vonage.com
# Vonage voice mail notification
I'm now catching these on several mailservers that we run, so I'm
assuming this is getting abused quite a bit. And it's very effective
because the default score for whitelist_from_rcvd is -100. What worries
me is that whitelist_from_rcvd gets triggered, even though the mail
obviously is forged, unless vonage sends their mails from China.
So my question is, still, why does the email (see my previous posting
for headers) hit the whiltelist_from_rcvd? Is my trusted networks
confused? Does it get hit because the mail was processed by the
(trusted) backup-MX first?
Regards, Paul Boven.