We have a department that has subscribed to a service in the cloud product that is sending email to us via our MX record. The problem is that they appear to be using shared servers/IPs and thus every once in a while mail will source from an IP address that will cause it to score above 5.

I would like to use whitelist_from_rcvd as the envelope from (RFC5321.MailFrom) and sending system are not exactly static, but close enough that the globbing should work. The issue is that SA is running on our MXes via a milter and since SA (and these boxes) only see MX traffic, trusted_networks and/or internal_networks are empty. This causes the whitelist_from_rcvd to never fire.

Our MTA does construct a synthetic "Received" header as it passes the message to SA via the milter interface. The message is passed to SA before the MTA accepts/rejects the message (scanned before the reply to DATA command). The Received header it creates and adds before sending to SA is what the Received header would look like if the message had been accepted, queued and then handed off to SA via the LDA. Therefore, the "from" clause is whatever system is relaying the message (HELO, DNS and IP), and the "by" clause is our system's name.

My question is how can I make this "Received" header "trusted" or how can I force whitelist_from_rcvd to fire (or some other way to whitelist a sending pair - envelope from, sending IP/host). I don't want to add the IPs of the cloud provider to the trusted_networks. I know that the first/top Received header can be trusted.


--
***********************************************************************
Derek Diget                            Office of Information Technology
Western Michigan University - Kalamazoo  Michigan  USA - www.wmich.edu/
***********************************************************************
