Re: trusted_networks and RCVD_IN_DNSWL_*

Matthias,

>> Now I added IPs to trusted_networks and that causes another problem: The
>> trusted_network IPs are in the DNSWL and therefore get a positive bonus
>> from SA.

Sure:

> header RCVD_IN_DNSWL X-DNS-Whitelist =~ /^none/
> score RCVD_IN_DNSWL -0.1
> describe RCVD_IN_DNSWL Sender listed at http://www.dnswl.org/, no trust
>
> header RCVD_IN_DNSWL_LOW X-DNS-Whitelist =~ /^low/
> score RCVD_IN_DNSWL_LOW -1
> describe RCVD_IN_DNSWL_LOW Sender listed at http://www.dnswl.org/, low trust
>
> header RCVD_IN_DNSWL_MED X-DNS-Whitelist =~ /^med/
> score RCVD_IN_DNSWL_MED -4
> describe RCVD_IN_DNSWL_MED Sender listed at http://www.dnswl.org/, medium trust
>
> header RCVD_IN_DNSWL_HI X-DNS-Whitelist =~ /^hi/
> score RCVD_IN_DNSWL_HI -8
> describe RCVD_IN_DNSWL_HI Sender listed at http://www.dnswl.org/, high trust
>
> header RCVD_IN_DNSWL_NO X-DNS-Whitelist =~ /^No$/
> score RCVD_IN_DNSWL_NO 0.1
> describe RCVD_IN_DNSWL_NO Sender *not* listed at http://www.dnswl.org/
>
> # web.de
> trusted_networks 217.72.192.

What now happens is the following:

1. I get an mail (from a server within the trusted_networks range).
2. Postfix adds the X-DNS-Whitelist header for this server.
3. SpamAssassin gets the mail and checks it. 3a) SpamAssassin notes that the mail has been handled by a server from the trusted_networks range before. 3b) Therefore SpamAssassin applies all tests to the server one more hop away. 3c) SpamAssassin does not know that the X-DNS-Whitelist entry does not belong the the server within the trusted_networks range and therefore applies a bonus score on the mail.
4. The mail does not get ranked as spam due to the bonus spam.
5. I get spam.

If it is not possible to make something like an if statement preventing this from happening, I would be happy about some information on how to integrate dnswl.org into SpamAssassin.

Thanks,
Lars Received on Thu Oct 18 03:29:52 2007