You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by dougp23 <do...@gmail.com> on 2008/03/12 14:30:38 UTC
new version always trusts 127.0.0.1
Hi. Running SA 3.1.8
Would like to move to a newer version for a few reasons...
Anyways the 3.2.3 version looks compelling, but I use a mailserver called
Scalix. It uses Sendmail as its engine. But each X-Spam header shows this:
rhost=localhost,raddr=127.0.0.1,rport=34757,
Which makes me think that for my mailserver, ALL email appears to originate
from the localhost. In fact, under 3.1.8, I once tried to set the network
ignore option to 127.0.0.1, and all spam immediately was let through.
Just wondering if I am missing something or do I just utilize a flaky
mailserver, lol!
--
View this message in context: http://www.nabble.com/new-version-always-trusts-127.0.0.1-tp16002310p16002310.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: new version always trusts 127.0.0.1
Posted by Matt Kettler <mk...@verizon.net>.
Doug Poulin wrote:
> Well here is the actual headers:
>
> Mar 11 13:48:20 x1mail spamd[6116]: spamd: result: Y 22 -
> DATE_IN_FUTURE_12_24,
> FORGED_MUA_OUTLOOK,HTML_MESSAGE,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,
> URIBL_SC_SURBL
> scantime=17.6,size=3023,user=root,uid=501,required_score=3.0,
> rhost=localhost,raddr=127.0.0.1 <http://127.0.0.1>,rport=34757,
> mid=<31...@jacky3b8126d7b>,autolearn=disabled
Ahh, that's the spamd logs, not the X-Spam headers..
All the rhost=localhost... bit means is that's where spamc is running
and feeding spamd messages. Since it's possible to run spamd on a
separate server than your email frontent, this isn't always localhost
for everyone, but in your case it likely always will be. However, that
part has nothing to do with spamassassin's analysis. SA will always
process the message the same way, no matter how it got fed to spamd, and
the spam tests do not have access to that information.
>
> Thanks for any help. And believe it or not, that was a LEGITIMATE
> message....I need to do a little digging to see where this guy was
> sending from, but it was a proposal to reorder some forms we use!
Sounds like he needs to fix his clock, and find out what URL in the
message body was blacklisted by every SURBL test... The rest is probably
minor.. the FORGED_MUA_OUTLOOK is probably a FP. Microsoft changes
outlook's output formats faster than you can blink an eye.
>
> Thanks again!
No problem.
Re: new version always trusts 127.0.0.1
Posted by Doug Poulin <do...@gmail.com>.
Well here is the actual headers:
Mar 11 13:48:20 x1mail spamd[6116]: spamd: result: Y 22 -
DATE_IN_FUTURE_12_24,
FORGED_MUA_OUTLOOK,HTML_MESSAGE,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,
URIBL_SC_SURBL scantime=17.6,size=3023,user=root,uid=501,required_score=3.0,
rhost=localhost,raddr=127.0.0.1,rport=34757,
mid=<31...@jacky3b8126d7b>,autolearn=disabled
Thanks for any help. And believe it or not, that was a LEGITIMATE
message....I need to do a little digging to see where this guy was sending
from, but it was a proposal to reorder some forms we use!
Thanks again!
On Wed, Mar 12, 2008 at 10:14 AM, Matt Kettler <mk...@verizon.net>
wrote:
> dougp23 wrote:
> > Hi. Running SA 3.1.8
> >
> > Would like to move to a newer version for a few reasons...
> >
> > Anyways the 3.2.3 version looks compelling, but I use a mailserver
> called
> > Scalix. It uses Sendmail as its engine. But each X-Spam header shows
> this:
> >
> > rhost=localhost,raddr=127.0.0.1,rport=34757,
> >
> Erm.. What's that generated by? That's not SpamAssassin...
> > Which makes me think that for my mailserver, ALL email appears to
> originate
> > from the localhost. In fact, under 3.1.8, I once tried to set the
> network
> > ignore option to 127.0.0.1, and all spam immediately was let through.
> >
> Well, even if SpamAssassin trusts a host, and all the hosts involved in
> handling a message, it will still scan it. You'll just see the
> ALL_TRUSTED rule fire off. That reduces the score a little, but not
> enough that you'd be missing all spam..
>
> Your problem is more compressive, as it sounds like email isn't even
> being scanned by SA.
>
> Is there a spamassassin generated X-Spam-Status with a list of rule hits
> on those spam emails?
>
>
>
> > Just wondering if I am missing something or do I just utilize a flaky
> > mailserver, lol!
> >
> >
> >
>
>
RE: new version always trusts 127.0.0.1
Posted by "James E. Pratt" <jp...@norwich.edu>.
> -----Original Message-----
> From: Matt Kettler [mailto:mkettler_sa@verizon.net]
> Sent: Wednesday, March 12, 2008 11:14 AM
> To: dougp23
> Cc: users@spamassassin.apache.org
> Subject: Re: new version always trusts 127.0.0.1
>
> dougp23 wrote:
> > Hi. Running SA 3.1.8
> >
> > Would like to move to a newer version for a few reasons...
> >
> > Anyways the 3.2.3 version looks compelling, but I use a mailserver
> called
> > Scalix. It uses Sendmail as its engine. But each X-Spam header
> shows this:
> >
> > rhost=localhost,raddr=127.0.0.1,rport=34757,
> >
> Erm.. What's that generated by? That's not SpamAssassin...
> > Which makes me think that for my mailserver, ALL email appears to
> originate
> > from the localhost. In fact, under 3.1.8, I once tried to set the
> network
> > ignore option to 127.0.0.1, and all spam immediately was let
through.
> >
> Well, even if SpamAssassin trusts a host, and all the hosts involved
in
> handling a message, it will still scan it. You'll just see the
> ALL_TRUSTED rule fire off. That reduces the score a little, but not
> enough that you'd be missing all spam..
>
> Your problem is more compressive, as it sounds like email isn't even
> being scanned by SA.
>
> Is there a spamassassin generated X-Spam-Status with a list of rule
> hits
> on those spam emails?
>
>
>
> > Just wondering if I am missing something or do I just utilize a
flaky
> > mailserver, lol!
> >
> >
> >
LOL... I won't answer your last question for fear of being flamed(!),
... but.. have you tried hitting up the Scalix folks and/or their
dev/support forums on this?
Regards,
jamie
Re: new version always trusts 127.0.0.1
Posted by Matt Kettler <mk...@verizon.net>.
dougp23 wrote:
> Hi. Running SA 3.1.8
>
> Would like to move to a newer version for a few reasons...
>
> Anyways the 3.2.3 version looks compelling, but I use a mailserver called
> Scalix. It uses Sendmail as its engine. But each X-Spam header shows this:
>
> rhost=localhost,raddr=127.0.0.1,rport=34757,
>
Erm.. What's that generated by? That's not SpamAssassin...
> Which makes me think that for my mailserver, ALL email appears to originate
> from the localhost. In fact, under 3.1.8, I once tried to set the network
> ignore option to 127.0.0.1, and all spam immediately was let through.
>
Well, even if SpamAssassin trusts a host, and all the hosts involved in
handling a message, it will still scan it. You'll just see the
ALL_TRUSTED rule fire off. That reduces the score a little, but not
enough that you'd be missing all spam..
Your problem is more compressive, as it sounds like email isn't even
being scanned by SA.
Is there a spamassassin generated X-Spam-Status with a list of rule hits
on those spam emails?
> Just wondering if I am missing something or do I just utilize a flaky
> mailserver, lol!
>
>
>