spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henrik K <h...@hege.li>
Subject Re: Fake EHLO triggering ALL_TRUSTED
Date Fri, 05 Jul 2019 06:54:30 GMT
On Fri, Jul 05, 2019 at 09:50:35AM +0300, Henrik K wrote:
> On Fri, Jul 05, 2019 at 02:42:28AM +0000, David Jones wrote:
> > Maybe allow the RelayCountry check to happen on the msa network or the 
> > first relay?
> > 
> > Or something like trusted_countries that could provide a limit/boundary 
> > to the trust of trusted_networks?
> > 
> > Compromised accounts often get abused from foreign/unusual countries.  I 
> > have meta rules and DWL/DBL for emails combined with RelayCountry but 
> > these are useless in this situation.
> 
> Perhaps adding new datadata X-Relay-Countries-External would be enough, it
> would check all external IPs (vs untrusted for the default
> X-Relay-Countries).  I think it could use useful in this and other
> situations when there are lots of additional trusted networks.
> 
> Maybe also the X-Relay-Countries-MSA to check client IPs from msa_networks.
> 
> Might even make it to 3.4.3 if KAM wants to delay rc4 just a little bit more.
> :-D

See https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7731


Mime
View raw message