From owner-freebsd-questions@FreeBSD.ORG Sun Oct 24 23:04:56 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 733A91065672 for ; Sun, 24 Oct 2010 23:04:56 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from asmtpout027.mac.com (asmtpout027.mac.com [17.148.16.102]) by mx1.freebsd.org (Postfix) with ESMTP id 5744D8FC08 for ; Sun, 24 Oct 2010 23:04:56 +0000 (UTC) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain; CHARSET=US-ASCII Received: from [17.151.84.219] by asmtp027.mac.com (Oracle Communications Messaging Exchange Server 7u4-18.01 64bit (built Jul 15 2010)) with ESMTPSA id <0LAT0021AHFPJ580@asmtp027.mac.com> for freebsd-questions@freebsd.org; Sun, 24 Oct 2010 16:04:38 -0700 (PDT) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.2.15,1.0.148,0.0.0000 definitions=2010-10-24_02:2010-10-24, 2010-10-24, 1970-01-01 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=0 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx engine=6.0.2-1004200000 definitions=main-1010240174 From: Chuck Swiger In-reply-to: Date: Sun, 24 Oct 2010 16:04:37 -0700 Message-id: <862FF685-63B1-47B1-9376-25D9FC2424C9@mac.com> References: <4CBFD2AE.7080402@infracaninophile.co.uk> <891526E2-A52F-4FF5-B1A6-FFF91883E952@mac.com> To: Marwan Sultan X-Mailer: Apple Mail (2.1081) Cc: FreeBSD Questions Subject: Re: My mail server flagged spam! X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Oct 2010 23:04:56 -0000 On Oct 24, 2010, at 3:28 PM, Marwan Sultan wrote: [ ... ] > Now to avoid the 2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers error.. > shall i add my domains MX records to local.cf as > trusted_networks mail.domain.com > or as > internal_networks mail.domain.com ? Please see: http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html#network_test_options http://wiki.apache.org/spamassassin/TrustPath "Why should trusted_networks and internal_networks ever be different? A mail relay that you want to trust in trusted_networks may itself trust its own internal dynamic IP networks. You may trust them not to be a spam source but putting them into your internal_networks list would create a false positive because then those dynamic IPs would be searched for in the DUL lists. This is an example where the two lists need to be different." If need be, also consider whitelist_from_rcvd (or maybe whitelist_auth if you implement SPF or DKIM). I'm also told that something like: meta AUTHD_RELAY !__LAST_UNTRUSTED_RELAY_NO_AUTH describe AUTHD_RELAY Message submission was via an authenticated user score AUTHD_RELAY -10 I believe there is even an optional patch in the spamass-milter port: http://www.freebsd.org/cgi/cvsweb.cgi/ports/mail/spamass-milter/files/extra-patch-addauth?rev=1.2 ...but it is probably better to just tweak the scoring a bit. Or switch to using amavisd-new, which could allow greater flexibility also.... Regards, -- -Chuck