RBLs and Freemail Forwards


RBLs and Freemail Forwards

by decoder

Hello,


on our private mail server we now have quite some forwards from freemail
providers like yahoo, gmx and such. This wasn't a big problem previously
but there is quite some spam arriving now over those forwards that isn't
tagged as such (mainly I think because RBLs can't strike on those).

Is there a way to modify the trust path such that I can actually trust
the Received header added by the freemailer MTA (so that RBLs can match
the Received line which is before the freemailer MTAs) ? I wouldn't
really add all those to trusted hosts (and for yahoo, there are tons of
mtas it seems).



Thanks in advance,


Chris



Re: RBLs and Freemail Forwards

by Matt Kettler-3

decoder wrote:

> Hello,
>
>
> on our private mail server we now have quite some forwards from
> freemail providers like yahoo, gmx and such. This wasn't a big problem
> previously but there is quite some spam arriving now over those
> forwards that isn't tagged as such (mainly I think because RBLs can't
> strike on those).
>
> Is there a way to modify the trust path such that I can actually trust
> the Received header added by the freemailer MTA (so that RBLs can
> match the Received line which is before the freemailer MTAs) ? I
> wouldn't really add all those to trusted hosts (and for yahoo, there
> are tons of mtas it seems).

Nearly all positive-score RBLs will check all untrusted hosts in
Received: headers, except the DUL RBLs and XBL which only check the
first untrusted because they are designed to be used in that manner.

ie: SBL will be tested against *ALL* untrusted hosts, including the IP
delivering mail to the freemailer, not just the freemailer itself.

And of course, nearly every message coming from a freemailer is going to
originate at a DUL, spam or otherwise, so all you'd do here is make every
message from the freemailer match the DULs.

Unless you're hoping to make the whitelist-style RBLs match a message,
there's no reason to trust freemailers for RBL reasons. In fact, it's
contrary to the whole reason the DUL RBLs only check the first untrusted
host in the first place. (i.e.: you shouldn't be nailing messages with
DUL RBLs if they're properly relaying through a server instead of direct
mailing).
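
Added example, not part of the thread and not SpamAssassin's own code: a simplified model of the lookup scope described in the reply above, showing which relay IPs an "all untrusted" list and a "first untrusted only" list would query, and what changes if the freemailer's network is added to the trusted set. The zone names, hostnames, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, newest header first: a dial-up host hands a message to a
# freemailer, which forwards it to us. Hostnames and IPs are made up (RFC 5737).
RECEIVED = [
    "from mx.freemail.example (mx.freemail.example [198.51.100.7]) by mail.ourhost.example",
    "from web.freemail.example (web.freemail.example [198.51.100.20]) by mx.freemail.example",
    "from [203.0.113.45] (dsl-45.isp.example [203.0.113.45]) by web.freemail.example",
]
TRUSTED = ["192.0.2.0/24"]  # assumed: only our own relays are trusted

# Hypothetical zones. "all" = every untrusted relay is looked up;
# "first" = only the first untrusted relay (the DUL/XBL behaviour in the thread).
ZONES = {"sbl.dnsbl.example": "all", "dul.dnsbl.example": "first"}


def relay_ips(headers):
    """Return the connecting IP recorded in each Received line, newest first."""
    ips = []
    for header in headers:
        match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]\)", header)
        if match:
            ips.append(ipaddress.ip_address(match.group(1)))
    return ips


def untrusted(ips, trusted):
    """Skip leading relays that sit in a trusted network; keep everything after."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    i = 0
    while i < len(ips) and any(ips[i] in net for net in nets):
        i += 1
    return ips[i:]


def dnsbl_queries(headers, trusted, zones):
    """Map each zone to the reversed-octet DNS names that would be queried."""
    hosts = untrusted(relay_ips(headers), trusted)
    queries = {}
    for zone, scope in zones.items():
        picked = hosts if scope == "all" else hosts[:1]
        queries[zone] = [ip.reverse_pointer.replace("in-addr.arpa", zone) for ip in picked]
    return queries


if __name__ == "__main__":
    print(dnsbl_queries(RECEIVED, TRUSTED, ZONES))
    # Trusting the freemailer moves the DUL lookup onto the sender's dial-up IP.
    print(dnsbl_queries(RECEIVED, TRUSTED + ["198.51.100.0/24"], ZONES))
```

With the default trust set the dial-up address is already queried against the "all" zone; adding the freemailer's network to the trusted set only shifts the "first" zone's lookup onto that address.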


Re: RBLs and Freemail Forwards

by decoder

Matt Kettler wrote:
> Nearly all positive-score RBLs will check all untrusted hosts in
> Received: headers, except the DUL RBLs and XBL which only check the
> first untrusted because they are designed to be used in that manner.
>
> ie: SBL will be tested against *ALL* untrusted hosts, including the IP
> delivering mail to the freemailer, not just the freemailer itself.
>
Thanks for the clarification, I thought that all RBLs only hit on the
first untrusted host for performance reasons. If that isn't the case,
then I'll have to find another way to get rid of that specific spam type
which is getting quite annoying.. :D


Best regards,


Chris



Re: RBLs and Freemail Forwards

by Matt Kettler-3

decoder wrote:

> Matt Kettler wrote:
>> Nearly all positive-score RBLs will check all untrusted hosts in
>> Received: headers, except the DUL RBLs and XBL which only check the
>> first untrusted because they are designed to be used in that manner.
>>
>> ie: SBL will be tested against *ALL* untrusted hosts, including the
>> IP delivering mail to the freemailer, not just the freemailer itself.
>>
> Thanks for the clarification, I thought that all RBLs only hit on the
> first untrusted host for performance reasons. If that isn't the case,
> then I'll have to find another way to get rid of that specific spam
> type which is getting quite annoying.. :D

Nope.. in general, it's all untrusted, unless there's good reasons to do
otherwise due to the content of the RBL. (ie: whitelists, DULs, etc)