On 06.10.07 11:51, Dan Mahoney, System Admin wrote: > I checked on this email. My system is right: it is an spf soft-fail. At > this point, ninety nine percent of people who set up SPF are going to be > setting ~all and not understanding the difference between ~all and -all. > And this did constitute a fail (i.e. a forgery), but there's no rule that > hit. > > We've had the debate before, that SPF alone should not stop spam, but here > it is: a legitimate domain hijack and SA isn't hitting?
afaik the > Also, what's up with RDNS_NONE? My sendmail won't accept a connection > unless your RDNS resolves, or you send in the domain literal format. I > did a quick search and found a few bugs on this. how do you mean it? How did you achieve this? The IP has no reverse DNS so the hit is correct (or do you have private DNS for 220.226.197.15 ? > We've already been over DKIM_POLICY_SIGNSOME -- I'm still in favor of > making a new rule for the implicit policy (DKIM_NOPOLICY or > DKIM_POLICY_ASSUMED_SIGNSSONE) rather than the explicit one. AFAIK this was removed in newer versions of SA (because it confused users?) > The Ironport-Anti-Spam score is bogus but we have no way of checking the > result? > > The Ironport-AV score is probably also bogus? Are "valid" values for i > and a documented somewhere? those two are probably added by intermediate relay. I would not trust them unless I trust the server who added them > The X-Originating-IP of 127.0.0.1 is probably accurate (after all, the > sending host must have had a 127.1), but useless and either the result of > a bug (i.e. a misconfigured mailserver, from which we should not accept), > or an intentional attempt to fool filters to believe it's "trusted" (for > those systems that check this header) and should be ignored or a rule > created? It's probably for the admins of mail seource to know where it was submitted from. Don't remove it from spam report. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
