Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2008/06/20 02:31:20 UTC
[Bug 5926] New: false positive on RDNS_NONE
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5926
Summary: false positive on RDNS_NONE
Product: Spamassassin
Version: 3.2.4
Platform: PC
OS/Version: Windows 2000
Status: NEW
Severity: normal
Priority: P5
Component: Rules
AssignedTo: dev@spamassassin.apache.org
ReportedBy: nradov@axolotl.com
Created an attachment (id=4338)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4338)
full message that triggered the RDNS_NONE rule
I received a message that got a false positive on the RDNS_NONE rule. Here is
the header in question.
Received: from e33.co.us.ibm.com ([32.97.110.151])
by ax7.axolotl.com (Lotus Domino Release 7.0.3)
with ESMTP id 2008061811175473-72054 ;
Wed, 18 Jun 2008 11:17:54 -0700
Here are the relevant lines from the debugging output.
[5504] dbg: rules: ran header rule __RDNS_NONE ======> got hit: "[ ip=32.97.110.151 rdns= "
[5504] dbg: check: tests=BAYES_20,RDNS_NONE,UNRESOLVED_TEMPLATE
[5504] dbg: check: subtests=__CT,__CT_TEXT_PLAIN,__DOS_HAS_ANY_URI,__DOS_RCVD_WED,__DOS_RELAYED_EXT,__HAS_ANY_EMAIL,__HAS_ANY_URI,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__LAST_UNTRUSTED_RELAY_NO_AUTH,__MANY_RECIPS,__MIME_VERSION,__MISSING_REF,__MSGID_OK_HOST,__NAKED_TO,__NONEMPTY_BODY,__RDNS_NONE,__SANE_MSGID,__SARE_PHONE_NUM,__SARE_URI_ANY,__SARE_WHITELIST_FLAG,__TOCC_EXISTS,__TVD_BODY,__TVD_MIME_ATT_TP
There is an rDNS entry for the IP address.
C:\>nslookup 32.97.110.151
Server: sjcdc1.axolotl.com
Address: 10.1.8.205
Name: e33.co.us.ibm.com
Address: 32.97.110.151
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5926] false positive on RDNS_NONE
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5926
--- Comment #3 from Nick Radov <nr...@axolotl.com> 2008-06-23 10:30:34 PST ---
Sorry, I misunderstood the RDNS_NONE rule and thought that SpamAssassin would
do the lookup itself rather than just parsing the Received header. As far as I
can tell IBM Lotus Domino 7.0.3 will not automatically insert rDNS information
into a Received header, so perhaps it would be best to add that as a special
case to the RDNS_NONE rule.
Is there any formal documentation on how rDNS information is supposed to be
included in a Received header? I think the general requirement is covered by
RFC 2505, but it doesn't specify a particular format. If Domino isn't doing
what it's supposed to then I would like to open a formal support incident with
IBM, but I need to tell them exactly what it should be doing.
[Bug 5926] false positive on RDNS_NONE
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5926
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|Undefined |3.3.0
--- Comment #4 from Justin Mason <jm...@jmason.org> 2008-06-24 01:55:14 PST ---
(In reply to comment #3)
> Sorry, I misunderstood the RDNS_NONE rule and thought that SpamAssassin would
> do the lookup itself rather than just parsing the Received header. As far as I
> can tell IBM Lotus Domino 7.0.3 will not automatically insert rDNS information
> into a Received header, so perhaps it would be best to add that as a special
> case to the RDNS_NONE rule.
ok. can you provide more samples of Domino 7.0.3 Received: line formats?
> Is there any formal documentation on how rDNS information is supposed to be
> included in a Received header? I think the general requirement is covered by
> RFC 2505, but it doesn't specify a particular format. If Domino isn't doing
> what it's supposed to then I would like to open a formal support incident with
> IBM, but I need to tell them exactly what it should be doing.
http://wiki.apache.org/spamassassin/EnvelopeSenderInReceived is the nearest
thing we have to a documented, recommended Received: header format. it matches
what is the nearest thing to a de-facto standard.
thanks!
[Bug 5926] false positive on RDNS_NONE
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5926
--- Comment #5 from Nick Radov <nr...@axolotl.com> 2008-06-24 09:54:57 PST ---
(In reply to comment #4)
> ok. can you provide more samples of Domino 7.0.3 Received: line formats?
Here are a few examples of Received headers extracted from recent messages. In
these examples, both ax1.axolotl.com and ax7.axolotl.com are running Domino
7.0.3.
Example 1:
Received: from ax7.axolotl.com ([63.241.71.50])
by AX1.axolotl.com (Lotus Domino Release 7.0.3)
with ESMTP id 2008062321122608-167990 ;
Mon, 23 Jun 2008 21:12:26 -0700
Received: from an-out-0910.google.com ([209.85.132.191])
by ax7.axolotl.com (Lotus Domino Release 7.0.3)
with ESMTP id 2008062321122538-95836 ;
Mon, 23 Jun 2008 21:12:25 -0700
Received: by an-out-0910.google.com with SMTP id c25so65685154anc.4
for <nr...@axolotl.com>; Mon, 23 Jun 2008 21:12:24 -0700 (PDT)
Example 2:
Received: from ax7.axolotl.com ([63.241.71.50])
by AX1.axolotl.com (Lotus Domino Release 7.0.3)
with ESMTP id 2008062409262788-172004 ;
Tue, 24 Jun 2008 09:26:27 -0700
Received: from capricorn.notesdev.ibm.com ([205.159.212.202])
by ax7.axolotl.com (Lotus Domino Release 7.0.3)
with ESMTP id 2008062409262686-98056 ;
Tue, 24 Jun 2008 09:26:26 -0700
Example 3:
Received: from ax7.axolotl.com ([63.241.71.50])
by AX1.axolotl.com (Lotus Domino Release 7.0.3)
with ESMTP id 2008062409150082-171923 ;
Tue, 24 Jun 2008 09:15:00 -0700
Received: from www3.centraldesktop.com ([66.226.4.171])
by ax7.axolotl.com (Lotus Domino Release 7.0.3)
with ESMTP id 2008062409150032-98001 ;
Tue, 24 Jun 2008 09:15:00 -0700
Received: from www3.centraldesktop.com (localhost.centraldesktop.com
[127.0.0.1])
(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
(No client certificate requested)
by www3.centraldesktop.com (Postfix) with ESMTPS id D64485C57
for <nr...@axolotl.com>; Tue, 24 Jun 2008 09:14:59 -0700
(PDT)
Received: by www3.centraldesktop.com (Postfix, from userid 80)
id 8B9B15C4F; Tue, 24 Jun 2008 09:14:59 -0700 (PDT)
Example 4:
Received: from ax7.axolotl.com ([63.241.71.50])
by AX1.axolotl.com (Lotus Domino Release 7.0.3)
with ESMTP id 2008062401551715-169306 ;
Tue, 24 Jun 2008 01:55:17 -0700
Received: from brutus.apache.org ([140.211.11.140])
by ax7.axolotl.com (Lotus Domino Release 7.0.3)
with ESMTP id 2008062401551563-96558 ;
Tue, 24 Jun 2008 01:55:15 -0700
Received: by brutus.apache.org (Postfix, from userid 33)
id 572CD234C149; Tue, 24 Jun 2008 01:55:15 -0700 (PDT)
Hopefully that is enough information for you to update the rule. I can supply
more examples if you like.
[Bug 5926] disable RDNS_NONE rule for IBM Lotus Domino
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5926
Nick Radov <nr...@axolotl.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|false positive on RDNS_NONE |disable RDNS_NONE rule for
| |IBM Lotus Domino
--- Comment #8 from Nick Radov <nr...@axolotl.com> 2008-06-26 15:25:50 PST ---
updated the summary to better reflect the proposed change
[Bug 5926] false positive on RDNS_NONE
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5926
--- Comment #7 from Justin Mason <jm...@jmason.org> 2008-06-25 01:54:14 PST ---
(In reply to comment #6)
> Is there really nothing more definitive than that page? It seems to address a
> somewhat different topic rather than directly covering rDNS. I don't think I
> can reasonably take it to IBM and ask for a fix.
I'm afraid that seems to be it :(
[Bug 5926] false positive on RDNS_NONE
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5926
--- Comment #6 from Nick Radov <nr...@axolotl.com> 2008-06-24 10:20:35 PST ---
(In reply to comment #4)
> http://wiki.apache.org/spamassassin/EnvelopeSenderInReceived is the nearest
> thing we have to a documented, recommended Received: header format. it matches
> what is the nearest thing to a de-facto standard.
> thanks!
Is there really nothing more definitive than that page? It seems to address a
somewhat different topic rather than directly covering rDNS. I don't think I
can reasonably take it to IBM and ask for a fix.
[Bug 5926] disable RDNS_NONE rule for IBM Lotus Domino
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5926
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #9 from Justin Mason <jm...@jmason.org> 2008-07-11 03:08:58 PST ---
lots more samples:
http://www.google.com/search?aq=f&hl=en&q="Received%3A+from"+"Lotus+Domino"+"From%3A"+"To%3A"+"Subject%3A"+"with+ESMTP+id"&btnG=Search
fix now in trunk:
: jm 207...; svn commit -m "bug 5926: disable RDNS_NONE for Lotus Domino, it
never performs rDNS lookups"
Sending lib/Mail/SpamAssassin/Message/Metadata/Received.pm
Sending rules/20_dynrdns.cf
Adding t.rules/RDNS_NONE
Adding t.rules/RDNS_NONE/fp_bug5926_ex1
Adding t.rules/RDNS_NONE/fp_bug5926_ex2
Adding t.rules/RDNS_NONE/fp_bug5926_ex3
Adding t.rules/RDNS_NONE/fp_bug5926_ex4
Transmitting file data ......
Committed revision 675902.
[Bug 5926] false positive on RDNS_NONE
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5926
--- Comment #2 from Justin Mason <jm...@jmason.org> 2008-06-20 02:06:09 PST ---
(In reply to comment #1)
> I think that this bug can be closed as WORKSFORME and you need to look at the
> server configuration at axolotl.com, but I'm a bit outside my area of expertise
> so I will leave this open to give someone a chance to jump in to tell me if
> I've made a mistake in my analysis.
If it's possible to turn on rDNS lookups in the MTA configuration on
ax7.axolotl.com, then yes, I agree with Sidney. (if you can't do that for some
administrative reason, then "score RDNS_NONE 0" would be appropriate.)
if however it's a builtin limitation of Domino r7.0.3 that it cannot perform
rDNS lookups, then we could consider adding an exception from RDNS_NONE for
that MTA...
[Bug 5926] false positive on RDNS_NONE
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5926
--- Comment #1 from Sidney Markowitz <si...@sidney.com> 2008-06-19 19:25:51 PST ---
I believe that what's going on is that the server at ax7.axolotl.com is not
properly putting the rdns information in the Received header. The __RDNS_NONE
rule parses the Received header, and does not do a rdns lookup itself. Compare
this header
Received: from e33.co.us.ibm.com ([32.97.110.151])
by ax7.axolotl.com (Lotus Domino Release 7.0.3)
with this one:
Received: from d03relay04.boulder.ibm.com (d03relay04.boulder.ibm.com
[9.17.195.106])
by e33.co.us.ibm.com (8.13.8/8.13.8) with ESMTP id
m5IIHrwJ004657
The server that created the second Received header placed the rdns information
inside the parentheses, before the ip address.
Note that if you fix the 32.97.110.151 Received header, the RDNS_NONE rule is
still triggered by
Received: from ax7.axolotl.com ([63.241.71.50])
by AX1.axolotl.com (Lotus Domino Release 7.0.3)
because ax1.axolotl.com has the same problem. SpamAssassin seems to stop
checking for RDNS_NONE after the first one that it notices.
I think that this bug can be closed as WORKSFORME and you need to look at the
server configuration at axolotl.com, but I'm a bit outside my area of expertise
so I will leave this open to give someone a chance to jump in to tell me if
I've made a mistake in my analysis.
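Added example (not part of the thread and not SpamAssassin's Perl code): a simplified Python model of the behaviour discussed in comments #1 and #9, where the check reads only what the receiving MTA wrote into the Received header and never queries DNS. The regexes, the function names and the "Lotus Domino" match on the "by" comment are assumptions made for illustration; the Postfix header is constructed.

```python
import re

# "from" clause forms seen in this thread:
#   from HELO ([IP])        no rDNS recorded (Domino 7.0.3)
#   from HELO (RDNS [IP])   rDNS recorded (sendmail, Postfix)
FROM_RE = re.compile(
    r"Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)", re.I)
BY_RE = re.compile(r"\bby\s+(?P<by>\S+)(?:\s+\((?P<mta>[^)]*)\))?", re.I)

def parse_received(header):
    """Return helo/rdns/ip/by/mta for one Received header, or None if it
    has no parsable "from" clause (e.g. local "Received: by ..." hops)."""
    flat = " ".join(header.split())          # unfold continuation lines
    m = FROM_RE.match(flat)
    if m is None:
        return None
    by = BY_RE.search(flat, m.end())
    rdns = m.group("rdns")
    if rdns and rdns.lower() == "unknown":   # Postfix writes this when rDNS fails
        rdns = None
    return {"helo": m.group("helo"), "rdns": rdns, "ip": m.group("ip"),
            "by": by.group("by") if by else None,
            "mta": (by.group("mta") or "") if by else ""}

def rdns_none(header, exempt_domino=True):
    """True when the relay IP was recorded without an rDNS name.
    exempt_domino skips hops written by Lotus Domino (assumed detection:
    the MTA name in the "by" comment)."""
    hop = parse_received(header)
    if hop is None or hop["rdns"]:
        return False
    return not (exempt_domino and "lotus domino" in hop["mta"].lower())

# First two headers are from the thread; the third is constructed.
DOMINO = """Received: from e33.co.us.ibm.com ([32.97.110.151])
 by ax7.axolotl.com (Lotus Domino Release 7.0.3)
 with ESMTP id 2008061811175473-72054 ;
 Wed, 18 Jun 2008 11:17:54 -0700"""
SENDMAIL = """Received: from d03relay04.boulder.ibm.com (d03relay04.boulder.ibm.com
 [9.17.195.106])
 by e33.co.us.ibm.com (8.13.8/8.13.8) with ESMTP id
 m5IIHrwJ004657"""
POSTFIX_UNKNOWN = """Received: from mail.example.net (unknown [192.0.2.25])
 by mx.example.org (Postfix) with ESMTP id 0000000000"""

if __name__ == "__main__":
    for h in (DOMINO, SENDMAIL, POSTFIX_UNKNOWN):
        print(parse_received(h)["by"], rdns_none(h, exempt_domino=False), rdns_none(h))
```

With `exempt_domino=False` the Domino-written header hits even though 32.97.110.151 resolves, which is the false positive reported here; with the exemption on, only the constructed Postfix hop, where the lookup actually failed, still hits.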