Question about Postfix, SA and rbl checks

Jens Kleikamp jens at codes-concepts.com
Fri Jun 20 00:49:58 CEST 2008


Hi Guys,

I got a false positive which is tagged by SA and the
following rules hit the mail:

"RCVD_IN_BL_SPAMCOP_NET=4.1, RCVD_IN_PSBL=3"

Besides SA I also set up postfix to do some rbl checks as well.
I set "reject_rbl_client bl.spamcop.net," to the
smtpd_recipient_restrictions directive.

Now I try to understand why the mail passed the mta checks, but was hit
by SA (RCVD_IN_BL_SPAMCOP_NET).

I tried to analyse the source code of the email which is also available
at http://nopaste.biz/44497

I identify 3 third-party systems in the received headers:

Sender (DSL Connection) --> ISP Mailserver (clean) --> mozdev
mailinglist server (also clean)


The sender delivered the mail over an authenticated smtp connection to
his isp mailserver which then sends the mail to the mozdev
mailinglist-server which then sends the mail to my mailserver.
My guess is that postfix did a rbl check of the IP from the mozdev
system which is clean, so mail passed. ( I think this is okay )

But then SA did not use the mozdev IP but the original sender
dynamic-dsl IP address for the rbl check. I think that is not
okay since the dynamic IP of the sender doesn't have any important
meaning because the sender used an authenticated smtp session, so it
should not be used by SA to do rbl checks.


Thank you in advance

best regards
Jens
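
The difference the post is asking about, as an added example that is not part of the original message: a check on the connecting client alone looks up one IP, while a check that walks the Received chain also looks up the sender's DSL address. The headers are constructed (documentation-range IPs, made-up hostnames), the topmost Received header stands in for the connecting client, and that SA walked the chain this way is the post's guess, not something the code verifies.

```python
import re
from email import message_from_string

# Constructed sample: hostnames, queue ids and documentation-range IPs are
# made up; the relay chain mirrors the one described in the post.
RAW = """\
Received: from lists.example.org (lists.example.org [203.0.113.25])
\tby mx.recipient.example (Postfix) with ESMTP id AAAA;
\tFri, 20 Jun 2008 00:40:03 +0200 (CEST)
Received: from smtp.isp.example (smtp.isp.example [198.51.100.7])
\tby lists.example.org (Postfix) with ESMTP id BBBB;
\tFri, 20 Jun 2008 00:40:01 +0200 (CEST)
Received: from [192.0.2.44] (dsl.isp.example [192.0.2.44])
\t(Authenticated sender: alice)
\tby smtp.isp.example (Postfix) with ESMTPA id CCCC;
\tFri, 20 Jun 2008 00:39:58 +0200 (CEST)
Subject: test

body
"""

HOP_IP = re.compile(r"\(\S+ \[(\d{1,3}(?:\.\d{1,3}){3})\]\)")
AUTHED = re.compile(r"Authenticated sender|\bwith ESMTPS?A\b")

def hops(raw):
    """Return [(ip, authenticated)] for each Received header, newest first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_IP.search(value)
        if m:
            out.append((m.group(1), bool(AUTHED.search(value))))
    return out

def dnsbl_name(ip, zone):
    """DNSBL query name: octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def client_query(raw, zone):
    """What a check on the connecting client only would look up."""
    return dnsbl_name(hops(raw)[0][0], zone)

def header_queries(raw, zone):
    """What a check over every hop in the Received chain would look up."""
    return [(dnsbl_name(ip, zone), authed) for ip, authed in hops(raw)]

if __name__ == "__main__":
    print("client only:", client_query(RAW, "bl.spamcop.net"))
    for name, authed in header_queries(RAW, "bl.spamcop.net"):
        print("header hop :", name, "(authenticated submission)" if authed else "")
```
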



