A user is registered to logon in EFA to send email (remote SMTP). EFA is efa.domainA.ca. The user send email with user@domaineB.ca.
If I go to see spam rules apply to each email, I have some problems with high spam score... One of the rules is "spf fail". But... the domainB DNS has a TXT record with SPF and "a:efa.domaineB.ca".
What I missed?
Another problem is that spam scores increase by 3.33 for an authenticated user IP in SpamHaus PBL... But I don't understand, it's is public home router IP (he is behind a NAT) and he is sending from Outlook (or Thunderbird not difference) to EFA directly. Sender IP shouldn't have impact... it's not an smtp relay...
Last thing, if the user use Outlook, a rule for outlook header appear...
This is the list of all rules applied...
Code: Select all
-1.90 BAYES_00 Bayes spam probability is 0 to 1% 1.10 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net) 2.84 DOS_OUTLOOK_TO_MX Delivered direct to MX with Outlook headers 0.00 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML 1.57 FSL_BULK_SIG Bulk signature with no Unsubscribe 0.00 FSL_HELO_NON_FQDN_1 0.00 HELO_NO_DOMAIN Relay reports its domain incorrectly 1.40 HTML_IMAGE_ONLY_28 HTML: images with 2400-2800 bytes of words 0.00 HTML_MESSAGE HTML included in message 0.40 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS 0.00 PDS_RDNS_DYNAMIC_FP RDNS_DYNAMIC with FP steps 3.33 RCVD_IN_PBL Received via a relay in Spamhaus PBL 0.00 RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address 0.98 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS 0.67 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) -1.86 TXREP Score normalizing based on sender's reputation 0.01 T_REMOTE_IMAGE Message contains an external image
Something to fix here? (I am not sure to understand perfectly what this do...)
Code: Select all
smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access, reject_invalid_hostname smtpd_sender_restrictions = permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain smtpd_data_restrictions = reject_unauth_pipelining smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_rbl_client zen.spamhaus.org smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_recipient_access hash:/etc/postfix/recipient_access, check_policy_service inet:127.0.0.1:2501, reject_unverified_recipient
[conceptid@efa postfix]$ ls -al *access
-rw-r--r--. 1 root root 21519 Apr 9 2020 access
-rw-r--r--. 1 root root 0 Apr 9 2020 helo_access
-rw-r--r--. 1 root root 0 Apr 9 2020 recipient_access
-rw-r--r--. 1 root root 0 Apr 9 2020 sender_access