Posted to users@spamassassin.apache.org by Tom <to...@ecnow.co.uk> on 2010/02/17 01:01:47 UTC

getting different SA scores depending on which outgoing smtp is used, though same sender IP and SA

Hi SA peeps,

I noticed that I was triggering
"RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC" when sending mail through
my own spamassassin, which is spamassassin-3.2.5-2 from the fc10 repo,
configured via mimedefang and sendmail-milter.

I decided to try sending through my ISP's smtp server instead, and it
doesn't trigger the same rules, even though the content is the same, and
the client IP address is the same. I have posted the headers below, I
was hoping that someone could explain what the differences are that
trigger the rules on the first set of headers...?

This triggers:

Return-Path: <to...@limepepper.co.uk>
Received: from localhost.localdomain (cpc3-seve11-0-0-cust606.popl.cable.ntl.com [82.10.154.95])
	(authenticated bits=0)
	by vs802.ecnow.co.uk (8.14.3/8.14.1) with ESMTP id o1GLrAwn032508
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO)
	for <ba...@limepepper.co.uk>; Tue, 16 Feb 2010 21:53:12 GMT
Message-ID: <4B...@limepepper.co.uk>
Date: Tue, 16 Feb 2010 21:53:23 +0000
From: Tom H <to...@limepepper.co.uk>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.5) Gecko/20091209 Fedora/3.0-3.fc11 Lightning/1.0pre Thunderbird/3.0
MIME-Version: 1.0
To: badger@limepepper.co.uk
Subject: test
X-Enigmail-Version: 1.0
OpenPGP: id=3B3F97D9
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Spam-Score: 1.83 (*) AWL,BAYES_40,HELO_LH_LD,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC
X-Scanned-By: MIMEDefang 2.67 on 209.135.157.202


This one does not:

Return-Path: <to...@limepepper.co.uk>
Received: from mtaout01-winn.ispmail.ntl.com (mtaout01-winn.ispmail.ntl.com [81.103.221.47])
	by vs802.ecnow.co.uk (8.14.3/8.14.1) with ESMTP id o1GMDWHb002121
	for <to...@limepepper.co.uk>; Tue, 16 Feb 2010 22:13:32 GMT
Received: from aamtaout04-winn.ispmail.ntl.com ([81.103.221.35])
          by mtaout01-winn.ispmail.ntl.com
          (InterMail vM.7.08.04.00 201-2186-134-20080326) with ESMTP
          id <20...@aamtaout04-winn.ispmail.ntl.com>
          for <to...@limepepper.co.uk>; Tue, 16 Feb 2010 22:13:44 +0000
Received: from localhost.localdomain ([82.10.154.95])
          by aamtaout04-winn.ispmail.ntl.com
          (InterMail vG.2.02.00.01 201-2161-120-102-20060912) with ESMTP
          id <20...@localhost.localdomain>
          for <to...@limepepper.co.uk>; Tue, 16 Feb 2010 22:13:44 +0000
Message-ID: <4B...@limepepper.co.uk>
Date: Tue, 16 Feb 2010 22:13:42 +0000
From: Tom H <to...@limepepper.co.uk>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.5) Gecko/20091209 Fedora/3.0-3.fc11 Lightning/1.0pre Thunderbird/3.0
MIME-Version: 1.0
To: tom@limepepper.co.uk
Subject: test
X-Enigmail-Version: 1.0
OpenPGP: id=3B3F97D9
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Cloudmark-Analysis: v=1.1 cv=1ggfb5FlKZQUfF3vzm9UBYZ2uTfLsbs/8dSljwg5+mE= c=1 sm=0 a=nS36O97Bj3wUElCrIrAA:9 a=WSUfejPYnVaDIwHsvJh5HpFP3bwA:4 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117
X-Spam-Score: 0.175 () AWL,BAYES_00,TVD_SPACE_RATIO
X-Scanned-By: MIMEDefang 2.67 on 209.135.157.202


Thanks,

Tom






Re: getting different SA scores depending on which outgoing smtp is used, though same sender IP and SA

Posted by RW <rw...@googlemail.com>.
On Wed, 17 Feb 2010 01:19:03 +0000
Tom <to...@ecnow.co.uk> wrote:

> On 17/02/10 00:35, RW wrote:
> 
> > > It doesn't know it's internal because you haven't set your
> > > internal network to include your
> > > own IP address.  Generally local mail shouldn't go through SA so
> > > that's not an issue.
> > >   
> >   
> Hi,
> 
> Thanks for that reply.
> 
> What exactly do you mean by "set your internal network to include your
> own IP address. "?

If you put

internal_networks 82.10.154.95

in local.cf, spamassassin will know that it's part of your own network.
You should also add any private address ranges used (actually it's
safe to specify all the private ranges).



Re: getting different SA scores depending on which outgoing smtp is used, though same sender IP and SA

Posted by Tom <to...@ecnow.co.uk>.
On 17/02/10 00:35, RW wrote:

> > It doesn't know it's internal because you haven't set your internal
> > network to include your
> > own IP address.  Generally local mail shouldn't go through SA so
> > that's not an issue.
> >   
>   
Hi,

Thanks for that reply.

What exactly do you mean by "set your internal network to include your
own IP address. "?

Thanks,

Tom



Re: getting different SA scores depending on which outgoing smtp is used, though same sender IP and SA

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Wed, 2010-02-17 at 00:35 +0000, RW wrote:
> On Wed, 17 Feb 2010 00:01:47 +0000 Tom <to...@ecnow.co.uk> wrote:
> > I noticed that I was triggering
> > "RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC" when sending mail through
> > my own spamassassin, which is spamassassin-3.2.5-2 from the fc10 repo,
> > configured via mimedefang and sendmail-milter.
> > 
> > I decided to try sending through my ISP's smtp server instead, and it
> > doesn't trigger the same rules, even though the content is the same,

None of these rules are about content.

> > and the client IP address is the same. I have posted the headers
> > below, I was hoping that someone could explain what the differences
> > are that trigger the rules on the first set of headers...?

Think about it this way -- from your MX's perspective, what is the
handing-over IP?

In the first case, it's a dynamic dial-up IP, in a range flagged by your
ISP to not be permitted to do direct to MX delivery, cause it isn't an
SMTP. But a dial-up user, supposed to use his SMTP, which then delivers
into your network. Sounds familiar? Yeah, look at the rules triggered...

In the second case, it's an SMTP that is neither dynamic, nor prohibited
to send mail by policy.

All of these rules are supposed to *only* inspect the last external,
handing-over hop. No deep-inspection. Thus, the originating IP doesn't
matter to them.

> That's how it should work. You should be sending through a proper
> smarthost, and SA is penalizing you when you don't. It doesn't know it's
> internal because you haven't set your internal network to include your
> own IP address.  Generally local mail shouldn't go through SA so
> that's not an issue.

Yeah, have been discussing this very recently. Again. ;)  This generally
is an issue, in case your MX is the same as your user-facing outbound
SMTP, *and* you are sending mail to yourself...

  guenther


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: getting different SA scores depending on which outgoing smtp is used, though same sender IP and SA

Posted by David B Funk <db...@engineering.uiowa.edu>.
On Wed, 17 Feb 2010, RW wrote:

> On Wed, 17 Feb 2010 00:01:47 +0000
> Tom <to...@ecnow.co.uk> wrote:
>
> > Hi SA peeps,
> >
> > I noticed that I was triggering
> > "RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC" when sending mail through
> > my own spamassassin, which is spamassassin-3.2.5-2 from the fc10 repo,
> > configured via mimedefang and sendmail-milter.
> >
> > I decided to try sending through my ISP's smtp server instead, and it
> > doesn't trigger the same rules, even though the content is the same,
> > and the client IP address is the same. I have posted the headers
> > below, I was hoping that someone could explain what the differences
> > are that trigger the rules on the first set of headers...?
>
> That's how it should work. You should be sending through a proper
> smarthost, and SA is penalizing you when you don't. It doesn't know it's
> internal because you haven't set your internal network to include your
> own IP address.  Generally local mail shouldn't go through SA so
> that's not an issue.

In the general case that is how it should work but not in Tom's particular
case.
If you look closely at that "Received: from" header in the instance
where those rules fired, there is a "(authenticated bits=0)" component.
Thus he was using an authenticated-SMTP connection so SA should -NOT-
have fired those rules.

So that says that there's something wrong with his SA install which is
keeping it from recognizing/honoring that authed header.

I seem to remember there was an issue with some milters not properly
passing SMTP-auth header info. Maybe Tom needs to investigate this
for his particular milter.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Re: getting different SA scores depending on which outgoing smtp is used, though same sender IP and SA

Posted by RW <rw...@googlemail.com>.
On Wed, 17 Feb 2010 00:01:47 +0000
Tom <to...@ecnow.co.uk> wrote:

> 
> Hi SA peeps,
> 
> I noticed that I was triggering
> "RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC" when sending mail through
> my own spamassassin, which is spamassassin-3.2.5-2 from the fc10 repo,
> configured via mimedefang and sendmail-milter.
> 
> I decided to try sending through my ISP's smtp server instead, and it
> doesn't trigger the same rules, even though the content is the same,
> and the client IP address is the same. I have posted the headers
> below, I was hoping that someone could explain what the differences
> are that trigger the rules on the first set of headers...?

That's how it should work. You should be sending through a proper
smarthost, and SA is penalizing you when you don't. It doesn't know it's
internal because you haven't set your internal network to include your
own IP address.  Generally local mail shouldn't go through SA so
that's not an issue.
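
The thread's three points (network rules look only at the last external handing-over hop, `internal_networks` moves that boundary, and an authenticated hop should be exempt) can be checked against the two posted header sets. This is an added example, not part of the original thread and not SpamAssassin's own code: a simplified Python model in which the function name `handing_over_ip` and the `honor_auth` switch are hypothetical, and the Received lines are abridged from the headers above.

```python
import ipaddress
import re

# Received headers abridged from the two messages in the thread, newest
# first, one string per hop with the continuation lines unfolded.
DIRECT = [
    "from localhost.localdomain (cpc3-seve11-0-0-cust606.popl.cable.ntl.com "
    "[82.10.154.95]) (authenticated bits=0) by vs802.ecnow.co.uk "
    "(8.14.3/8.14.1) with ESMTP id o1GLrAwn032508",
]
VIA_ISP = [
    "from mtaout01-winn.ispmail.ntl.com (mtaout01-winn.ispmail.ntl.com "
    "[81.103.221.47]) by vs802.ecnow.co.uk (8.14.3/8.14.1) with ESMTP",
    "from aamtaout04-winn.ispmail.ntl.com ([81.103.221.35]) "
    "by mtaout01-winn.ispmail.ntl.com with ESMTP",
    "from localhost.localdomain ([82.10.154.95]) "
    "by aamtaout04-winn.ispmail.ntl.com with ESMTP",
]

RELAY_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# The private ranges RW says are safe to list as internal.
PRIVATE = ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def handing_over_ip(received, internal_networks=(), honor_auth=False):
    """Return the IP of the last external relay, or None if all hops are internal.

    Hops are walked newest-first. A hop counts as internal when its IP is in
    internal_networks, or (with honor_auth) when it authenticated to a host
    already known to be ours. The first hop that is not internal is the one
    a DNSBL rule such as RCVD_IN_PBL would look up in this model.
    """
    nets = [ipaddress.ip_network(n) for n in internal_networks]
    for hop in received:
        match = RELAY_IP.search(hop)
        if match is None:
            raise ValueError("no relay IP in Received header: " + hop)
        ip = ipaddress.ip_address(match.group(1))
        if any(ip in net for net in nets):
            continue  # one of our own hosts: keep walking towards the sender
        if honor_auth and "(authenticated" in hop:
            continue  # SMTP AUTH to our own MTA: treated as our own user
        return str(ip)
    return None
```

With no configuration the direct submission is judged on the dynamic address 82.10.154.95, while the relayed copy is judged on the ISP's 81.103.221.47, and the originating address further down the chain is never consulted.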