You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by ha...@t-online.de on 2009/01/21 06:01:28 UTC

Re: Wwird flagging of emails to Spam

Hi Roberta,

I think the problem lies in just this snippet:

>> X-SMTP-Auth-NETI-Businesmail: no
>> Received: from ...mada30 (xx.175.190.90.dyn.estpak.ee [xx.190.175.78])
>> 	by Relayhost2.neti.ee (Postfix) with SMTP id CE2621F9E65
>> 	for <.....@online.ee>; Tue, 20 Jan 2009 23:29:07 +0200 (EET)

This reads like a dynamic client originates a message to some (presumably open)
relayhost. In reality I would assume that the sender acts as a civilised one and authenticates
with that "relayhost", which is its outgoing mail server.
Now, an authenticated mail should probably NOT say
x-smtp-auth: no
but the received line SHOULD SAY something like
... by ... with authenticated SMTP
... by ... with ESMTPA
There are a few formats that SA accepts as auth indicators.

So the problem lies with neti.ee - if they are acting as an official outgoing mail server, they
should change their config 

Regards
Wolfgang Hamann

Re: Wwird flagging of emails to Spam

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

> I think the problem lies in just this snippet:
> 
> >> X-SMTP-Auth-NETI-Businesmail: no
> >> Received: from ...mada30 (xx.175.190.90.dyn.estpak.ee [xx.190.175.78])
> >> 	by Relayhost2.neti.ee (Postfix) with SMTP id CE2621F9E65
> >> 	for <.....@online.ee>; Tue, 20 Jan 2009 23:29:07 +0200 (EET)

On 21.01.09 05:01, hamann.w@t-online.de wrote:
> This reads like a dynamic client originates a message to some (presumably open)
> relayhost. In reality I would assume that the sender acts as a civilised one and authenticates
> with that "relayhost", which is its outgoing mail server.
> Now, an authenticated mail should probably NOT say
> x-smtp-auth: no
> but the received line SHOULD SAY something like
> ... by ... with authenticated SMTP
> ... by ... with ESMTPA
> There are a few formats that SA accepts as auth indicators.
> 
> So the problem lies with neti.ee - if they are acting as an official outgoing mail server, they
> should change their config 

And that is also why those messages have *_TO_MX* scores. They were
apparently sent from dynamic IP to mailserver without authentication, or the
authentication info is not mentioned in headers.

If the ISP's MTA will properly tag mail received using authentication, and
SA will use that info, mail will not match *_TO_MX* so it (probably) won't
be marked as spam.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler