Re: trusted_networks and RCVD_IN_DNSWL_*

Lars Ippich schrieb am 18.10.2007 09:32:

>> header RCVD_IN_DNSWL_LOW X-DNS-Whitelist =~ /^low/
>> score RCVD_IN_DNSWL_LOW -1
>> describe RCVD_IN_DNSWL_LOW Sender listed at http://www.dnswl.org/, low trust
[...]
>> # web.de
>> trusted_networks 217.72.192.

> 2) Postfix adds the X-DNS-Whitelist header for this server.

With this setup, the header reflects the DNSWL status of the system that sends the mail to your system. That would be web.de, for example, if web.de delivers to you. This ignores trusted_networks. SA has to check the system that sends to web.de - one step further in the received: chain.

For this, SA 3.2.* has its own rules for DNSWL, which you throw away with your custom rule, since they are identically named. The built-in rule for SA 3.2.* is:

header RCVD_IN_DNSWL_LOW eval:check_rbl_sub('dnswl-firsttrusted', '127.0.\d+.1')
describe RCVD_IN_DNSWL_LOW Sender listed at http://www.dnswl.org/, low trust
tflags RCVD_IN_DNSWL_LOW nice net

With this rule, not the directly sending system is checked for DNSWL, but the sender that sends the mail to the first trusted system in the trusted-path. That would be the system that sent the mail to web.de. The X-DNS-Whitelist header from Postfix is not needed.

How to correct the situation:
Simply remove your customized RCVD_IN_DNSWL_* rules and let SA use its built-in rules. Your trusted_networks entry is correct.

Do you need help?
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related spamassassin.apache.org Links users Request more information about Pantek

Tschau
Alex Received on Thu Oct 18 05:34:23 2007