Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/01/08 00:01:56 UTC

[Bug 2906] New: Courier Received header format not detected - causing false positive on RCVD_IN_DYNABLOCK

http://bugzilla.spamassassin.org/show_bug.cgi?id=2906

           Summary: Courier Received header format not detected - causing
                    false positive on RCVD_IN_DYNABLOCK
           Product: Spamassassin
           Version: 2.61
          Platform: PC
        OS/Version: FreeBSD
            Status: NEW
          Severity: major
          Priority: P5
         Component: Rules
        AssignedTo: spamassassin-dev@incubator.apache.org
        ReportedBy: mitch@webcob.com


I'm playing with a way to skip spamc altogether for local users (the third case 
below) - not sure if that is the best way though as it certainly involves a 
little more work than the default install (a more careful check of Received 
headers BEFORE calling spamc) - but will try it anyways... (thanks to Gordon 
Messmer) - at any rate, this other case seems to be a bug in SA, so here it is 
again - will post the correct rule set to bypass if I get it figured out.

Thanks.

m/

With the help of Shane Williams (who received a message and showed me how it 
passed his SA ok) I figured out the following:

Courier formats its Received lines like this (this trips RCVD_IN_DYNABLOCK):

Received: from bigass1.XXX.com ([66.199.X.X])
  by slim1.XXX.com with esmtp; Tue, 06 Jan 2004 23:56:09 +0000
Received: from a1200 ([24.83.X.X])
  (AUTH: LOGIN mitch@XXX.com)
  by bigass1.XXX.com with esmtp; Tue, 06 Jan 2004 23:56:09 +0000

Shane I presume (by version numbers) is running sendmail - which has a 
different Received format and DOESN'T trip RCVD_IN_DYNABLOCK:

Received: from bigass1.XXX.com (ns1.XXX.com [66.199.X.X])
	by fiat.XXX.edu (8.12.10/8.12.10) with ESMTP id
    i06MBJ6U020255
	for <br...@XXX.edu>; Tue, 6 Jan 2004 16:11:19 -0600
Received: from a1200 ([24.83.X.X])
  (AUTH: LOGIN mitch@XXX.com)
  by bigass1.XXX.com with esmtp; Tue, 06 Jan 2004 22:09:53 +0000

So for starters, the "-notfirsthop" option seems to be missing my first header.

And for seconds... I will still have a problem when my first header is 
AUTHENTICATED.
If I send mail to myself, my ONLY received header looks like:

Received: from a1200 ([24.83.X.X])
  (AUTH: LOGIN mitch@XXX.com)
  by bigass1.XXX.com with esmtp; Tue, 06 Jan 2004 23:56:09 +0000

Which I think should be ignored - although headers can be forged, the first 
header can't - right? And if it says authenticated, I shouldn't be penalized 
for sending mail to myself - right?

So now what - do I file a bug report? Or have I already put the info in the 
right place?

Thanks a bunch for the tool - glad to do my bit - I imagine that this problem 
affects all courier users. Unless I'm missing something?

Thanks!

m/
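
The following Python example is an addition to this archived report, not SpamAssassin's code and not the reporter's: it parses both Received layouts quoted above (Courier's `([IP])` with no reverse-DNS name, sendmail's `(rdns [IP])`) and excludes a hop from DNSBL lookups only when the `(AUTH: ...)` comment was written by a relay you control. The names `parse_received`, `dnsbl_candidates` and `trusted_by` are hypothetical, and the hosts and addresses are constructed documentation values.

```python
import re

# Matches "from HELO (RDNS [IP])" (sendmail style) and "from HELO ([IP])"
# (Courier style, no reverse-DNS name inside the parentheses).
FROM_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)")
# Courier's authenticated-submission comment, e.g. "(AUTH: LOGIN user@host)".
AUTH_RE = re.compile(r"\(AUTH:\s*(?P<mech>\S+)\s+(?P<user>[^)\s]+)\)")
BY_RE = re.compile(r"\bby\s+(?P<by>[^\s;]+)")

def parse_received(value):
    """Parse one Received header value into a dict, or None if unrecognised."""
    text = " ".join(value.split())  # unfold continuation lines
    m_from, m_by = FROM_RE.search(text), BY_RE.search(text)
    if not (m_from and m_by):
        return None
    m_auth = AUTH_RE.search(text)
    return {
        "helo": m_from["helo"],
        "rdns": m_from["rdns"],  # None for the Courier layout
        "ip": m_from["ip"],
        "by": m_by["by"].lower(),
        "auth_user": m_auth["user"] if m_auth else None,
    }

def dnsbl_candidates(headers, trusted_by):
    """Return relay IPs still worth a DNSBL lookup, newest hop first.
    A hop is skipped only when its AUTH comment was written by a host in
    trusted_by; the same text in a header added elsewhere may be forged.
    """
    ips = []
    for value in headers:
        hop = parse_received(value)
        if hop is None or (hop["auth_user"] and hop["by"] in trusted_by):
            continue
        ips.append(hop["ip"])
    return ips

# Constructed samples modelled on the two layouts in the report.
COURIER = ("from relay1.example.com ([192.0.2.10])\n"
           "  by mx.example.net with esmtp; Tue, 06 Jan 2004 23:56:09 +0000")
COURIER_AUTH = ("from a1200 ([198.51.100.7])\n"
                "  (AUTH: LOGIN user@example.com)\n"
                "  by relay1.example.com with esmtp; Tue, 06 Jan 2004 23:56:09 +0000")
SENDMAIL = ("from relay1.example.com (ns1.example.com [192.0.2.10])\n"
            "\tby mx.example.edu (8.12.10/8.12.10) with ESMTP id i06EXAMPLE\n"
            "\tfor <rcpt@example.edu>; Tue, 6 Jan 2004 16:11:19 -0600")
```
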


