new version always trusts 127.0.0.1

[dougp23 <do...@gmail.com>]

Hi.  Running SA 3.1.8

Would like to move to a newer version for a few reasons...

Anyways the 3.2.3 version looks compelling, but I use a mailserver called
Scalix.  It uses Sendmail as its engine.  But each X-Spam header shows this:

rhost=localhost,raddr=127.0.0.1,rport=34757,

Which makes me think that for my mailserver, ALL email appears to originate
from the localhost.  In fact, under 3.1.8, I once tried to set the network
ignore option to 127.0.0.1, and all spam immediately was let through.  

Just wondering if I am missing something or do I just utilize a flaky
mailserver, lol!  



-- 
View this message in context: http://www.nabble.com/new-version-always-trusts-127.0.0.1-tp16002310p16002310.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: new version always trusts 127.0.0.1

[Matt Kettler <mk...@verizon.net>]

Doug Poulin wrote:
> Well here is the actual headers:
>
> Mar 11 13:48:20 x1mail spamd[6116]: spamd: result: Y 22 - 
> DATE_IN_FUTURE_12_24,
> FORGED_MUA_OUTLOOK,HTML_MESSAGE,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,
> URIBL_SC_SURBL 
> scantime=17.6,size=3023,user=root,uid=501,required_score=3.0,
> rhost=localhost,raddr=127.0.0.1 <http://127.0.0.1>,rport=34757,
> mid=<31...@jacky3b8126d7b>,autolearn=disabled

Ahh, that's the spamd logs, not the X-Spam headers..

All the rhost=localhost... bit means is that's where spamc is running 
and feeding spamd messages. Since it's possible to run spamd on a 
separate server than your email frontent, this isn't always localhost 
for everyone, but in your case it likely always will be. However, that 
part has nothing to do with spamassassin's analysis. SA will always 
process the message the same way, no matter how it got fed to spamd, and 
the spam tests do not have access to that information.


>
> Thanks for any help.  And believe it or not, that was a LEGITIMATE 
> message....I need to do a little digging to see where this guy was 
> sending from, but it was  a proposal to reorder some forms we use! 
Sounds like he needs to fix his clock, and find out what URL in the 
message body was blacklisted by every SURBL test... The rest is probably 
minor.. the FORGED_MUA_OUTLOOK is probably a FP. Microsoft changes 
outlook's output formats faster than you can blink an eye.
>
> Thanks again!
No problem.

Re: new version always trusts 127.0.0.1

[Doug Poulin <do...@gmail.com>]

Well here is the actual headers:

Mar 11 13:48:20 x1mail spamd[6116]: spamd: result: Y 22 -
DATE_IN_FUTURE_12_24,
FORGED_MUA_OUTLOOK,HTML_MESSAGE,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,
URIBL_SC_SURBL scantime=17.6,size=3023,user=root,uid=501,required_score=3.0,
rhost=localhost,raddr=127.0.0.1,rport=34757,
mid=<31...@jacky3b8126d7b>,autolearn=disabled

Thanks for any help.  And believe it or not, that was a LEGITIMATE
message....I need to do a little digging to see where this guy was sending
from, but it was  a proposal to reorder some forms we use!

Thanks again!


On Wed, Mar 12, 2008 at 10:14 AM, Matt Kettler <mk...@verizon.net>
wrote:

> dougp23 wrote:
> > Hi.  Running SA 3.1.8
> >
> > Would like to move to a newer version for a few reasons...
> >
> > Anyways the 3.2.3 version looks compelling, but I use a mailserver
> called
> > Scalix.  It uses Sendmail as its engine.  But each X-Spam header shows
> this:
> >
> > rhost=localhost,raddr=127.0.0.1,rport=34757,
> >
> Erm.. What's that generated by? That's not SpamAssassin...
> > Which makes me think that for my mailserver, ALL email appears to
> originate
> > from the localhost.  In fact, under 3.1.8, I once tried to set the
> network
> > ignore option to 127.0.0.1, and all spam immediately was let through.
> >
> Well, even if SpamAssassin trusts a host, and all the hosts involved in
> handling a message, it will still scan it. You'll just see the
> ALL_TRUSTED rule fire off. That reduces the score a little, but not
> enough that you'd be missing all spam..
>
> Your problem is more compressive, as it sounds like email isn't even
> being scanned by SA.
>
> Is there a spamassassin generated X-Spam-Status with a list of rule hits
> on those spam emails?
>
>
>
> > Just wondering if I am missing something or do I just utilize a flaky
> > mailserver, lol!
> >
> >
> >
>
>

RE: new version always trusts 127.0.0.1

["James E. Pratt" <jp...@norwich.edu>]

> -----Original Message-----
> From: Matt Kettler [mailto:mkettler_sa@verizon.net]
> Sent: Wednesday, March 12, 2008 11:14 AM
> To: dougp23
> Cc: users@spamassassin.apache.org
> Subject: Re: new version always trusts 127.0.0.1
> 
> dougp23 wrote:
> > Hi.  Running SA 3.1.8
> >
> > Would like to move to a newer version for a few reasons...
> >
> > Anyways the 3.2.3 version looks compelling, but I use a mailserver
> called
> > Scalix.  It uses Sendmail as its engine.  But each X-Spam header
> shows this:
> >
> > rhost=localhost,raddr=127.0.0.1,rport=34757,
> >
> Erm.. What's that generated by? That's not SpamAssassin...
> > Which makes me think that for my mailserver, ALL email appears to
> originate
> > from the localhost.  In fact, under 3.1.8, I once tried to set the
> network
> > ignore option to 127.0.0.1, and all spam immediately was let
through.
> >
> Well, even if SpamAssassin trusts a host, and all the hosts involved
in
> handling a message, it will still scan it. You'll just see the
> ALL_TRUSTED rule fire off. That reduces the score a little, but not
> enough that you'd be missing all spam..
> 
> Your problem is more compressive, as it sounds like email isn't even
> being scanned by SA.
> 
> Is there a spamassassin generated X-Spam-Status with a list of rule
> hits
> on those spam emails?
> 
> 
> 
> > Just wondering if I am missing something or do I just utilize a
flaky
> > mailserver, lol!
> >
> >
> >

LOL... I won't answer your last question for fear of being flamed(!),
... but.. have you tried hitting up the Scalix folks and/or their
dev/support forums on this? 

Regards,
jamie

Re: new version always trusts 127.0.0.1

[Matt Kettler <mk...@verizon.net>]

dougp23 wrote:
> Hi.  Running SA 3.1.8
>
> Would like to move to a newer version for a few reasons...
>
> Anyways the 3.2.3 version looks compelling, but I use a mailserver called
> Scalix.  It uses Sendmail as its engine.  But each X-Spam header shows this:
>
> rhost=localhost,raddr=127.0.0.1,rport=34757,
>   
Erm.. What's that generated by? That's not SpamAssassin...
> Which makes me think that for my mailserver, ALL email appears to originate
> from the localhost.  In fact, under 3.1.8, I once tried to set the network
> ignore option to 127.0.0.1, and all spam immediately was let through.  
>   
Well, even if SpamAssassin trusts a host, and all the hosts involved in 
handling a message, it will still scan it. You'll just see the 
ALL_TRUSTED rule fire off. That reduces the score a little, but not 
enough that you'd be missing all spam..

Your problem is more compressive, as it sounds like email isn't even 
being scanned by SA.

Is there a spamassassin generated X-Spam-Status with a list of rule hits 
on those spam emails?



> Just wondering if I am missing something or do I just utilize a flaky
> mailserver, lol!  
>
>
>