On Fri, 3 Sep 2010, Emin Akbulut wrote:

2010/9/2 Karsten Bräckelmann <guent...@rudersport.de>

Kind of repeating myself here, but... HOW does SA running on the third machine get the message? The headers you showed us aren't necessarily the ones SA ultimately gets to see.

Oh god, it's not a mystery, my mail server has two IPs, an internal
and a real IP. SA has only an internal IP. That's it. So my hop count
from mail client to server, server to SA, is always 1.

I'm authenticated, there is no doubt.

Using just the mail headers that you provided as an example, show us how we are to know the sender is authenticated. Proof by vigorous assertion is not proof.

Let me explain why I did ask that question; what is HELO_NO_DOMAIN?

The HELO does not contain a domain part. From your example:

Received: from ea2 ([78.186.240.194]) by izsmmmo.com with MailEnable ESMTP;

"ea2" is not a fully qualified host name. There is no domain part.

because SA scores our users and they are not spammers, they are ordinary authenticated message senders, just like me. HELO_NO_DOMAIN and FSL_HELO_NON_FQDN_1 and a few others make innocent messages nearly spam.

That is because you are scanning outbound mail while making no provision for the way a MUA will submit messages. If you configured all of your mail clients to use a fully-qualified host name instead of just a machine name, these problems would go away.

So I have to fix the HELO_NO_DOMAIN problem.

I told you how to do that.

(1) fix your mail clients to use fully-qualified host names rather than just machine names,

or

(2) stop scanning outbound mail,

or

(3) write a rule that recognizes locally-originated messages and subtracts (say) five points from the score.

I'm asking in another way, from another point of view:

*HELO_NO_DOMAIN Relay reports its domain incorrectly*

So what/who is the relay here and what reports incorrectly?

"Relay" is "the system that submitted the message". For the purposes of the HELO string it does not matter whether that is a MTA or a MUA. "Incorrect" is "it did not use a FQDN".

There is no problem with the rule.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Vista is at best mildly annoying and at worst makes you want to
  rush to Redmond, Wash. and rip somebody's liver out.      -- Forbes
-----------------------------------------------------------------------
 15 days until the 223rd anniversary of the signing of the U.S. Constitution
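
The following is an added example, not part of the original message and not SpamAssassin's own code: a sketch of the logic behind option (3), applying the offset only when the newest Received header (the one the scanning site's own server wrote) shows a local client whose HELO has no domain part. The `LOCAL_NETS` value, the function names and the forged sample are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption for this example: the only address treated as "ours" is the
# client IP from the Received header quoted in the thread.
LOCAL_NETS = [ipaddress.ip_network("78.186.240.194/32")]
LOCAL_OFFSET = -5.0  # the "(say) five points" from option (3)

# Matches "from HELO ([ip])" and "from HELO (rdns [ip])".
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)")


def parse_received(value):
    """Return (helo, ip) from one Received header value, or None."""
    m = RECEIVED_RE.search(value)
    if not m:
        return None
    try:
        return m.group(1), ipaddress.ip_address(m.group(2))
    except ValueError:
        return None


def helo_has_domain(helo):
    """True when the HELO name has a domain part, e.g. host.example.com."""
    labels = helo.rstrip(".").split(".")
    return len(labels) >= 2 and all(labels)


def local_offset(received_headers):
    """Score offset for a message, given Received values newest first.

    Only the newest header is trusted, because the scanning site's own
    server wrote it; older ones arrive with the message and can be forged.
    """
    if not received_headers:
        return 0.0
    parsed = parse_received(received_headers[0])
    if parsed is None:
        return 0.0
    helo, ip = parsed
    is_local = any(ip in net for net in LOCAL_NETS)
    return LOCAL_OFFSET if is_local and not helo_has_domain(helo) else 0.0


# Header value quoted in the thread.
THREAD_HDR = "from ea2 ([78.186.240.194]) by izsmmmo.com with MailEnable ESMTP;"
# Constructed: outside sender (documentation IP) with a forged older header.
FORGED = ["from mx ([203.0.113.9]) by izsmmmo.com with MailEnable ESMTP;", THREAD_HDR]
```

`local_offset([THREAD_HDR])` yields the offset, while `local_offset(FORGED)` yields none, because the local address appears only in a header the sender could have written.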
