RCVD_IN_BSP_TRUSTED

Matt Kettler mkettler at evi-inc.com
Mon Oct 23 19:18:22 IST 2006


Jim Coates wrote:

> 
> 
> Matt,
> 
> No - I believe the other tests have been working fine.  Here are a few
> examples of test results:

Yeah, but those do not tell me if the other tests are working correctly.


> All three of these came from inline image spam.  All three managed to get a
> pretty big boast in the HAM direction because of the BSP_TRUSTED rule.

You have two options:

1) Feed the message manually to spamassassin -t on the command line. This will
tell you in the body-text report which IP matched BSP trusted.

It should be the IP that delivered the message to your MX. If it's not, your
trust path is broken.



2) Find out which IP is delivering the message to your network. That should be
the one checked against BSP_TRUSTED.

Reverse the IP, and do a manual lookup against sa-trusted.bondedsender.org.

ie: to look up 66.135.209.212, an e-bay MX which is BSP listed:

# dig 212.209.135.66.sa-trusted.bondedsender.org

<snip>

;; ANSWER SECTION:
212.209.135.66.sa-trusted.bondedsender.org. 0 IN A 127.0.0.10


If it's not listed, your trust path is broken. You can try the other IPs to see
which one SA is testing against. My guess is it's going out one-hop too far and
trusting a forged header.


More information about the MailScanner mailing list