<br><br><div class="gmail_quote">On Wed, Jun 10, 2009 at 3:11 PM, Glenn Steen <span dir="ltr"><<a href="mailto:glenn.steen@gmail.com">glenn.steen@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div></div><div class="h5">2009/6/10 Devon Harding <<a href="mailto:devonharding@gmail.com">devonharding@gmail.com</a>>:<br>
><br>
><br>
> On Wed, Jun 10, 2009 at 8:36 AM, Glenn Steen <<a href="mailto:glenn.steen@gmail.com">glenn.steen@gmail.com</a>> wrote:<br>
>><br>
>> 2009/6/10 Devon Harding <<a href="mailto:devonharding@gmail.com">devonharding@gmail.com</a>>:<br>
>> ><br>
>> ><br>
>> > On Wed, Jun 10, 2009 at 3:34 AM, Julian Field<br>
>> > <<a href="mailto:MailScanner@ecs.soton.ac.uk">MailScanner@ecs.soton.ac.uk</a>><br>
>> > wrote:<br>
>> >><br>
>> >><br>
>> >> On 09/06/2009 16:20, Steve Freegard wrote:<br>
>> >>><br>
>> >>> Devon Harding wrote:<br>
>> >>><br>
>> >>>><br>
>> >>>> Ok, here's my dilemma. My ISP has blocked port 25 on my connection,<br>
>> >>>> so<br>
>> >>>> I'm forced to have my DNS provider (EasyDNS) redirect all my email to<br>
>> >>>> port 2525. This works fine, the only problem now is I'm seeing an<br>
>> >>>> influx of SPAM which I believe is because MailScanner is seeing<br>
>> >>>> EasyDNS<br>
>> >>>> as a safe sender& not processing any rules based on IP Address. How<br>
>> >>>> do<br>
>> >>>> I get MailScanner disregard the IP address from EasyDNS and process<br>
>> >>>> the<br>
>> >>>> next hop? I guess something like X-Forwarded-For for SMTP.<br>
>> >>>><br>
>> >>><br>
>> >>> > From the changlog of the latest 4.77 release:<br>
>> >>><br>
>> >>> "Read IP Address From Received Header" has been extended, so it will<br>
>> >>> now<br>
>> >>> take a number instead of yes or no. "yes"=1 and "no"=0. If it is set<br>
>> >>> to<br>
>> >>> "yes" or a number, then the SMTP client IP address is taken from the<br>
>> >>> "Received:" header. For example, setting it to 2 will cause the IP<br>
>> >>> address to be taken from the 2nd Received: header.<br>
>> >>><br>
>> >>><br>
>> >><br>
>> >> You took the words right out of my mouth! :-)<br>
>> >> I knew someone would find this useful before too long...<br>
>> >><br>
>> >> Jules<br>
>> >><br>
>> ><br>
>> > The setting works, but how do I get it work with RCVD_IN_DNSWL_LOW<br>
>> > which<br>
>> > still gives my messages a -1 score.<br>
>> > -Devon<br>
>> ><br>
>> You configure your trusted_networks/internal_networks correctly (for<br>
>> SA... Likely in <a href="http://local.cf" target="_blank">local.cf</a> or <a href="http://mailscanner.cf" target="_blank">mailscanner.cf</a>)... SA will normally<br>
>> "autodetect" what this should be, but since you want to trust the<br>
>> "last hop", you need specify that/those IP addresses (and all "local"<br>
>> trusted networks/addresses) explicitly. Scott gave you a link, but<br>
>> ISTR there should be a better one .... This is to the specific<br>
>> section:<br>
>> <a href="http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#network_test_options" target="_blank">http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#network_test_options</a><br>
>> ... and this is to the wiki page:<br>
>> <a href="http://wiki.apache.org/spamassassin/TrustPath" target="_blank">http://wiki.apache.org/spamassassin/TrustPath</a> and another good one:<br>
>> <a href="http://wiki.apache.org/spamassassin/TrustedRelays" target="_blank">http://wiki.apache.org/spamassassin/TrustedRelays</a><br>
>><br>
>> Cheers<br>
>> --<br>
>> -- Glenn<br>
>> email: glenn < dot > steen < at > gmail < dot > com<br>
>> work: glenn < dot > steen < at > ap1 < dot > se<br>
>> --<br>
><br>
> But if I trust my 'last hop', in my case EasyDNS, wouldn't it mark ALL<br>
> messages from them (Including the SPAM) as clean?<br>
</div></div>Only if there were no other Received: lines. Go look at all the links,<br>
they explain what this does far more eloquently then lil' ol' me<br>
can.... or will....:-)<br>
Anyway, the point of ignoring the "most recent" Received: line (in<br>
MailScanner) pretty much fill the same purpose, AFAICS, as including<br>
that relay host(s) IP in your trusted_networks... It'd affect SA rules<br>
on IPs, so ... not exaactly be a "allow everything" thing;-)<br>
<div class="im"><br>
> Here's and example of the mail hops from a SPAM and how MailScanner now sees<br>
> it. (taken from Mailwatch. <a href="http://domain.com" target="_blank">domain.com</a> is used for my domain)<br>
> Received from:<br>
> 38.99.42.36<br>
> Received Via:<br>
> IP Address Hostname<br>
> 64.68.200.52 <a href="http://smtp.easydns.com" target="_blank">smtp.easydns.com</a><br>
> 38.99.42.36 <a href="http://smtp.podomatic.com" target="_blank">smtp.podomatic.com</a><br>
> 127.0.0.1 <a href="http://mars.domain.com" target="_blank">mars.domain.com</a><br>
> 38.99.42.42 <a href="http://luke.dc.podomatic.com" target="_blank">luke.dc.podomatic.com</a><br>
</div>Yes, and including the easydns address /<a href="http://64.68.200.52" target="_blank">64.68.200.52</a>) in your trusted<br>
IPs would mean that the first IP address SA wouldn't trust is the same<br>
as for MS. So what is the problem? As said, there are some very nice<br>
examples of what happens on the rather short and lucid links I gave<br>
you. Read them!<br>
<div class="im"><br>
Cheers<br>
--<br>
-- Glenn<br>
email: glenn < dot > steen < at > gmail < dot > com<br>
work: glenn < dot > steen < at > ap1 < dot > se<br>
--<br>
</div><div><div></div><div class="h5"></div></div></blockquote><div><br></div><div>Perfect explanation! It works </div></div>