On Mon, 10 Nov 2014 23:30:28 -0500 (EST) Derek Diget wrote: > > We have a department that has subscribed to a service in the cloud > product that is sending email to us via our MX record. The problem > is that they appear to be using shared servers/IPs and thus every > once in a while mail will source from an IP address that will cause > it to score above 5. ...
> I would like to use whitelist_from_rcvd as the envelope from > (RFC5321.MailFrom) and sending system is not exactly static, but > close enough that the globing should work. The issue is that SA is > running on our MXes via a milter and since SA (and these boxes) only > see MX traffic, trusted_networks and/or internal_networks are empty. > This causes the whitelist_from_rcvd to never fire. > > Our MTA does construct a synthetic "Received" header > > My question is how can I make this "Received" header "trusted" What makes you think it isn't? Most blocklists run on the last-external IP address, the fact that it's being flagged as spam based on IP address suggests it is. Try adding the following to local.cf: add_header all Relays-External _RELAYSEXTERNAL_ The first section of this header should have the parsed information from the MX server. Check that the ip and rdns fields are correct.