Posted to users@spamassassin.apache.org by Dan Barker <db...@visioncomm.net> on 2008/01/04 15:12:06 UTC
Whitelist_from_rcvd not working
My whitelist_from_rcvd tags don't hit. I believe this has been happening
since my upgrade from 3.1.7 to 3.2.3.
I don't see anything "interesting" in -D, but I can get it to show an error
if I mis-spell it whitelist_fxxxrom_rcvd, so I know (besides the debug lines
saying so) it's parsing my User_Prefs.
Maybe my MTA is formatting the received lines in an un-understandable way? I
don't know where to look besides:
User_Prefs:
whitelist_from_rcvd *@gadental.org gadental.org
Headers (full mail http://www.visioncomm.net/temp/080104Email.txt):
X-Envelope-From: <ha...@gadental.org>
Received: from gadental.org [67.104.179.147] by mail.visioncomm.net with
ESMTP
(SMTPD32-8.15) id A16054AA0026; Thu, 03 Jan 2008 15:11:12 -0500
...
From: "Lisa Chandler" <ch...@gadental.org>
...
Debug (full listing http://www.visioncomm.net/temp/080104Debug.txt):
[9164] dbg: config: using "C:\Documents and Settings\dbarker/.spamassassin/user_prefs" for user prefs file
[9164] dbg: config: read file C:\Documents and Settings\dbarker/.spamassassin/user_prefs
Report:
Content analysis details: (8.0 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 5.0 BOTNET                 Relay might be a spambot or virusbot
                            [botnet0.8,ip=67.104.179.147,rdns=gadental.org,maildomain=gadental.org,baddns]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 3.0 BAYES_95               BODY: Bayesian spam probability is 95 to 99%
                            [score: 0.9749]
Just in case there is something [else] I've done silly, my local.cf is at
http://www.visioncomm.net/temp/080104Local.txt):
tia
Dan
Re: Whitelist_from_rcvd not working
Posted by Bob Proulx <bo...@proulx.com>.
Dan Barker wrote:
> Debug http://www.visioncomm.net/temp/080104Debug3.txt.
What is the name of the file that you have your configuration in? Do
you see it in the debug output? Is this it?
[8840] dbg: config: using "C:\Documents and Settings\dbarker/.spamassassin/user_prefs" for user prefs file
You have this line:
[8840] dbg: eval: all '*From' addrs: WachoviaAlerts.010208.300030609@alerts.wachovia.com
On a message that I construct with whitelist_from_rcvd I have this:
[13168] dbg: eval: all '*From' addrs: Jane@example.com bob@proulx.com
[13168] dbg: rules: address Jane@example.com matches (def_)whitelist_from_rcvd ^jane\@example\.com$ example.com
At this point I would be inclined to force a syntax error right next
to that line so that the error would certainly be seen if it were
being read and processed. If you see the error then you know that
file is being parsed and used. If not then you would know that your
edits were simply not having any effect.
> whitelist_from_rcvd *@wachovia.com sls-sn-smtp-pmail3.wachovia.com
> whitelist_from_rcvd *@wachovia.com wachovia.com
> whitelist_from_rcvd *wachovia.com wachovia.com
Wildcards should work there. But perhaps try an explicit address for
debug testing.
whitelist_from_rcvd WachoviaAlerts.010208.300030609@alerts.wachovia.com wachovia.com
Bob
RE: Whitelist_from_rcvd not working
Posted by Dan Barker <db...@visioncomm.net>.
Still no joy.
Prefs:
whitelist_from_rcvd *@wachovia.com sls-sn-smtp-pmail3.wachovia.com
whitelist_from_rcvd *@wachovia.com wachovia.com
whitelist_from_rcvd *wachovia.com wachovia.com
Debug http://www.visioncomm.net/temp/080104Debug3.txt.
Report:
[8840] dbg: check: is spam? score=-5.141 required=5
[8840] dbg: check: tests=BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSWL_MED
Weirder and weirder.
Dan
-----Original Message-----
From: Bob Proulx [mailto:bob@proulx.com]
Sent: Friday, January 04, 2008 1:45 PM
To: Dan Barker
Cc: users@spamassassin.apache.org
Subject: Re: Whitelist_from_rcvd not working
Dan Barker wrote:
> whitelist_from_rcvd *@wachovia.com sls-sn-smtp-pmail3.wachovia.com
> gives the same result (ie, nothing in debug nor report).
I think that should work. Try 'spamassassin --lint' to make sure that there
isn't a syntax error in the file somewhere that is preventing the
configuration from being read.
Try this:
whitelist_from_rcvd *@wachovia.com wachovia.com
In any case running the message through 'spamassassin -tD' should produce
something interesting in the debug output.
My guess is that the configuration is not being read by SA. Either the
entire file is not being read or there is a syntax error that is preventing
it from being used.
Bob
Re: Whitelist_from_rcvd not working
Posted by Bob Proulx <bo...@proulx.com>.
Dan Barker wrote:
> whitelist_from_rcvd *@wachovia.com sls-sn-smtp-pmail3.wachovia.com
> gives the same result (ie, nothing in debug nor report).
I think that should work. Try 'spamassassin --lint' to make sure that
there isn't a syntax error in the file somewhere that is preventing
the configuration from being read.
Try this:
whitelist_from_rcvd *@wachovia.com wachovia.com
In any case running the message through 'spamassassin -tD' should
produce something interesting in the debug output.
My guess is that the configuration is not being read by SA. Either
the entire file is not being read or there is a syntax error that is
preventing it from being used.
Bob
RE: Whitelist_from_rcvd not working
Posted by Dan Barker <db...@visioncomm.net>.
whitelist_from_rcvd *@wachovia.com sls-sn-smtp-pmail3.wachovia.com
gives the same result (ie, nothing in debug nor report).
Dan
-----Original Message-----
From: McDonald, Dan [mailto:Dan.McDonald@austinenergy.com]
Sent: Friday, January 04, 2008 10:28 AM
To: users@spamassassin.apache.org
Subject: RE: Whitelist_from_rcvd not working
On Fri, 2008-01-04 at 09:50 -0500, Dan Barker wrote:
> Dan McDonald points out that gadental.org has a mismatched rDNS and
> posits that is the reason whitelist_from_rcvd fails.
> So, here is a different email with the same symptom, but with matched
rDNS.
>
> dbarker@linux03:~$ dig -x 169.200.184.174
> 174.184.200.169.in-addr.arpa. 3600 IN PTR
> sls-sn-smtp-pmail3.wachovia.com.
>
> dbarker@linux03:~$ dig sls-sn-smtp-pmail3.wachovia.com
> sls-sn-smtp-pmail3.wachovia.com. 3597 IN A 169.200.184.174
>
>
>
> User_Prefs not needed,
> whitelist_from_rcvd * wachovia.com
That's not the correct syntax. You want
whitelist_from_rcvd *@wachovia.com sls-sn-smtp-pmail3.wachovia.com
But wachovia does publish an SPF record, so a better solution would be:
score USER_IN_SPF_WHITELIST -10.000
whitelist_from_spf *@wachovia.com
--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy
http://www.austinenergy.com
RE: Whitelist_from_rcvd not working
Posted by "McDonald, Dan" <Da...@austinenergy.com>.
On Fri, 2008-01-04 at 09:50 -0500, Dan Barker wrote:
> Dan McDonald points out that gadental.org has a mismatched rDNS and posits
> that is the reason whitelist_from_rcvd fails.
> So, here is a different email with the same symptom, but with matched rDNS.
>
> dbarker@linux03:~$ dig -x 169.200.184.174
> 174.184.200.169.in-addr.arpa. 3600 IN PTR
> sls-sn-smtp-pmail3.wachovia.com.
>
> dbarker@linux03:~$ dig sls-sn-smtp-pmail3.wachovia.com
> sls-sn-smtp-pmail3.wachovia.com. 3597 IN A 169.200.184.174
>
>
>
> User_Prefs not needed,
> whitelist_from_rcvd * wachovia.com
That's not the correct syntax. You want
whitelist_from_rcvd *@wachovia.com sls-sn-smtp-pmail3.wachovia.com
But wachovia does publish an SPF record, so a better solution would be:
score USER_IN_SPF_WHITELIST -10.000
whitelist_from_spf *@wachovia.com
--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
RE: Whitelist_from_rcvd not working
Posted by Dan Barker <db...@visioncomm.net>.
Dan McDonald points out that gadental.org has a mismatched rDNS and posits
that is the reason whitelist_from_rcvd fails.
So, here is a different email with the same symptom, but with matched rDNS.
dbarker@linux03:~$ dig -x 169.200.184.174
174.184.200.169.in-addr.arpa. 3600 IN PTR
sls-sn-smtp-pmail3.wachovia.com.
dbarker@linux03:~$ dig sls-sn-smtp-pmail3.wachovia.com
sls-sn-smtp-pmail3.wachovia.com. 3597 IN A 169.200.184.174
User_Prefs not needed,
whitelist_from_rcvd * wachovia.com
is in local.cf (full listing at
http://www.visioncomm.net/temp/080104Local.txt):
Headers (full mail http://www.visioncomm.net/temp/080104Email2.txt):
X-Envelope-From:<Wa...@alerts.wachovia.com>
Received: from sls-sn-smtp-pmail3.wachovia.com [169.200.184.174] by
mail.visioncomm.net with ESMTP
(SMTPD32-8.15) id A1253F3B0064; Wed, 02 Jan 2008 03:53:57 -0500
Received: from p9mpw011 (p9mpw011.csm.fub.com [172.21.194.240])
by sls-sn-smtp-pmail3.wachovia.com (8.11.7p3+Sun/8.9.0) with ESMTP
id m028ruM17943
for <db...@visioncomm.net>; Wed, 2 Jan 2008 03:53:56 -0500 (EST)
Message-ID: <61...@p9mpw011>
Date: Wed, 2 Jan 2008 03:53:56 -0500 (EST)
From: Wachovia Alerts <Wa...@alerts.wachovia.com>
...
Debug (full listing http://www.visioncomm.net/temp/080104Debug2.txt):
Report:
X-Spam-Status: No, score=-5.1 required=5.0 tests=BAYES_00=-2.599,
HTML_MESSAGE=0.001,MIME_HTML_ONLY=1.457,RCVD_IN_DNSWL_MED=-4
autolearn=unavailable version=3.2.3
Tia [again]
Dan
-----Original Message-----
From: McDonald, Dan [mailto:Dan.McDonald@austinenergy.com]
Sent: Friday, January 04, 2008 9:22 AM
To: users@spamassassin.apache.org
Subject: Re: Whitelist_from_rcvd not working
On Fri, 2008-01-04 at 09:12 -0500, Dan Barker wrote:
> My whitelist_from_rcvd tags don't hit. I believe this has been
> happening since my upgrade from 3.1.7 to 3.2.3.
>
> I don't see anything "interesting" in -D, but I can get it to show an
> error if I mis-spell it whitelist_fxxxrom_rcvd, so I know (besides the
> debug lines saying so) it's parsing my User_Prefs.
>
> Maybe my MTA is formatting the received lines in an un-understandable
> way? I don't know where to look besides:
>
> User_Prefs:
>
> whitelist_from_rcvd *@gadental.org gadental.org
Whitelist_from_rcvd only works when the forward and reverse addresses match.
That's to keep spammers from publishing whatever reverse address they want
(because they are authoritative for the reverse zone) and sneaking right
through your whitelist...
If gadental is unwilling to fix their reverse zone, you might ask them to
publish an SPF record and then use whitelist_from_spf instead....
--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy
http://www.austinenergy.com
Re: Whitelist_from_rcvd not working
Posted by "McDonald, Dan" <Da...@austinenergy.com>.
On Fri, 2008-01-04 at 09:12 -0500, Dan Barker wrote:
> My whitelist_from_rcvd tags don't hit. I believe this has been happening
> since my upgrade from 3.1.7 to 3.2.3.
>
> I don't see anything "interesting" in -D, but I can get it to show an error
> if I mis-spell it whitelist_fxxxrom_rcvd, so I know (besides the debug lines
> saying so) it's parsing my User_Prefs.
>
> Maybe my MTA is formatting the received lines in an un-understandable way? I
> don't know where to look besides:
>
> User_Prefs:
>
> whitelist_from_rcvd *@gadental.org gadental.org
Whitelist_from_rcvd only works when the forward and reverse addresses
match. That's to keep spammers from publishing whatever reverse address
they want (because they are authoritative for the reverse zone) and
sneaking right through your whitelist...
If gadental is unwilling to fix their reverse zone, you might ask them
to publish an SPF record and then use whitelist_from_spf instead....
--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
Re: Whitelist_from_rcvd not working
Posted by Matt Kettler <mk...@verizon.net>.
Dan Barker wrote:
>
> [9060] dbg: metadata: X-Spam-Relays-Trusted:
>
> There are no trusted relays.
>
> [9060] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=169.200.184.174 rdns= helo=sls-sn-smtp-pmail3.wachovia.com by=mail.visioncomm.net ident= envfrom= intl=0 id=A1253F3B0064 auth= msa=0 ] [ ip=172.21.194.240 rdns=p9mpw011.csm.fub.com helo=p9mpw011 by=sls-sn-smtp-pmail3.wachovia.com ident= envfrom= intl=0 id=m028ruM17943 auth= msa=0 ]
>
> The first untrusted relay (169.200.184.174) has a HELO but doesn't have an
> RDNS. I'm not positive, but I think you need both to get
> whitelist_from_rcvd to work.
>
You don't need both. You DO need RDNS, and the second parameter must
match a substring of that reverse DNS lookup.
To quote the manpage:
"The first parameter is the address to whitelist, and the second is a
string to match the relay's rDNS."
So, helo has nothing to do with it at all.
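
The check discussed above, as an added example that is not part of the original thread and not SpamAssassin's own code: it parses the X-Spam-Relays-Untrusted debug line quoted in the thread and reports why each whitelist_from_rcvd entry cannot hit. The relay line and sender address are copied from the quoted debug output; the matching rules (anchored file-glob address, rDNS compared as a full hostname or trailing domain component, only the first untrusted relay consulted) are assumptions modelled on the SpamAssassin documentation.

```python
import re

# X-Spam-Relays-Untrusted as printed by `spamassassin -D`, re-joined from the
# wrapped debug lines quoted in this thread.
RELAYS_UNTRUSTED = (
    "[ ip=169.200.184.174 rdns= helo=sls-sn-smtp-pmail3.wachovia.com "
    "by=mail.visioncomm.net ident= envfrom= intl=0 id=A1253F3B0064 auth= msa=0 ] "
    "[ ip=172.21.194.240 rdns=p9mpw011.csm.fub.com helo=p9mpw011 "
    "by=sls-sn-smtp-pmail3.wachovia.com ident= envfrom= intl=0 id=m028ruM17943 "
    "auth= msa=0 ]"
)
# Sender address as shown in the "all '*From' addrs" debug line.
SENDER = "WachoviaAlerts.010208.300030609@alerts.wachovia.com"


def parse_relays(metadata):
    """Split '[ k=v k=v ] [ ... ]' into one dict per relay, newest hop first."""
    relays = []
    for block in re.findall(r"\[\s*(.*?)\s*\]", metadata):
        relay = {}
        for token in block.split():
            key, sep, value = token.partition("=")
            if sep:
                relay[key] = value  # empty string when nothing was recorded
        relays.append(relay)
    return relays


def addr_glob_to_regex(glob):
    """Assumed address syntax: file-glob where only '*' and '?' are wildcards."""
    body = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in glob
    )
    return re.compile(body, re.IGNORECASE)


def rdns_matches(rdns, wanted):
    """Assumed rule: rdns equals wanted or ends with '.wanted' (whole labels)."""
    rdns, wanted = rdns.lower().rstrip("."), wanted.lower().rstrip(".")
    return bool(rdns) and (rdns == wanted or rdns.endswith("." + wanted))


def failures(entry, from_addr, relays):
    """Return the reasons a whitelist_from_rcvd line cannot hit (empty = hit)."""
    fields = entry.split()
    if len(fields) != 3 or fields[0] != "whitelist_from_rcvd":
        return ["syntax: expected 'whitelist_from_rcvd <addr-glob> <rdns>'"]
    _, glob, wanted = fields
    reasons = []
    if not addr_glob_to_regex(glob).fullmatch(from_addr):
        reasons.append("address glob does not match sender")
    # Only the hop that handed the mail to our own server is consulted.
    rdns = relays[0].get("rdns", "") if relays else ""
    if not rdns:
        reasons.append("first untrusted relay has no rdns")
    elif not rdns_matches(rdns, wanted):
        reasons.append("relay rdns does not match")
    return reasons


if __name__ == "__main__":
    relays = parse_relays(RELAYS_UNTRUSTED)
    for line in (
        "whitelist_from_rcvd *@wachovia.com sls-sn-smtp-pmail3.wachovia.com",
        "whitelist_from_rcvd *@wachovia.com wachovia.com",
        "whitelist_from_rcvd *wachovia.com wachovia.com",
    ):
        print(line, "->", failures(line, SENDER, relays) or "hit")
```

Under these assumptions the empty rdns= field blocks all three entries, and the two *@wachovia.com globs additionally miss because the sender is at alerts.wachovia.com.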
RE: Whitelist_from_rcvd not working
Posted by Dan Barker <db...@visioncomm.net>.
Thanks for catching the missing paren. Fixing it didn't change the result,
unfortunately.
Received: from 169.200.184.174 (EHLO sls-sn-smtp-pmail3.wachovia.com)
(169.200.184.174)
by mail.visioncomm.net with ESMTP (SMTPD32-8.15) id A1253F3B0064;
Wed, 02 Jan 2008 03:53:57 -0500
I agree an SPF issue shouldn't affect a whitelist_from_rcvd check, that's
just a wild guess on my part that there may be a bug. I don't know where
else to look.
What I'd really like is for someone else to confirm that the check fails on
their installation before I open a bug report. Loren Wilton appears to have
run my email with my user_prefs, but didn't provide the -D output.
Dan
-----Original Message-----
From: Loren Wilton [mailto:lwilton@earthlink.net]
Sent: Saturday, January 05, 2008 9:47 AM
To: users@spamassassin.apache.org
Subject: Re: Whitelist_from_rcvd not working
> [9060] dbg: Botnet: starting
> [9060] dbg: Botnet: no trusted relays
> [9060] dbg: Botnet: get_relay didn't find RDNS
> [9060] dbg: Botnet: IP is '169.200.184.174'
> [9060] dbg: Botnet: RDNS is 'sls-sn-smtp-pmail3.wachovia.com'
> [9060] dbg: Botnet: HELO is 'sls-sn-smtp-pmail3.wachovia.com'
> [9060] dbg: Botnet: sender
> 'WachoviaAlerts.010208.300030609@alerts.wachovia.com'
> [9060] dbg: Botnet: miss (none)
These are Botnet plugin messages, they have nothing to do with the normal
whitelist_from_rcvd check.
> [9060] dbg: spf: def_spf_whitelist_from: already checked spf and didn't
> get
> pass, skipping whitelist check
> [9060] dbg: spf: whitelist_from_spf: already checked spf and didn't get
> pass, skipping whitelist check
This is whitelist_from_spf, not whitelist_from_rcvd, and what it concludes
here shouldn't have an effect on anything else.
> Original received header:
>
> Received: from sls-sn-smtp-pmail3.wachovia.com [169.200.184.174] by
> mail.visioncomm.net with ESMTP
> (SMTPD32-8.15) id A1253F3B0064; Wed, 02 Jan 2008 03:53:57 -0500
>
> Hacked received header:
>
> Received: from 169.200.184.174 (EHLO sls-sn-smtp-pmail3.wachovia.com
> (169.200.184.174)
> by mail.visioncomm.net with ESMTP (SMTPD32-8.15) id A1253F3B0064;
> Wed, 02 Jan 2008 03:53:57 -0500
It appears to me that there is a missing paren in the hacked header, and
probably it should have been more like
> Received: from 169.200.184.174 (EHLO sls-sn-smtp-pmail3.wachovia.com
> [169.200.184.174])
> by mail.visioncomm.net with ESMTP (SMTPD32-8.15) id A1253F3B0064;
> Wed, 02 Jan 2008 03:53:57 -0500
Moving on to other parts of the debug output that are maybe more
interesting:
[9060] dbg: metadata: X-Spam-Relays-Trusted:
There are no trusted relays.
[9060] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=169.200.184.174 rdns= helo=sls-sn-smtp-pmail3.wachovia.com by=mail.visioncomm.net ident= envfrom= intl=0 id=A1253F3B0064 auth= msa=0 ] [ ip=172.21.194.240 rdns=p9mpw011.csm.fub.com helo=p9mpw011 by=sls-sn-smtp-pmail3.wachovia.com ident= envfrom= intl=0 id=m028ruM17943 auth= msa=0 ]
The first untrusted relay (169.200.184.174) has a HELO but doesn't have an
RDNS. I'm not positive, but I think you need both to get
whitelist_from_rcvd to work.
[9060] dbg: metadata: X-Spam-Relays-Internal:
[9060] dbg: metadata: X-Spam-Relays-External: [ ip=169.200.184.174 rdns= helo=sls-sn-smtp-pmail3.wachovia.com by=mail.visioncomm.net ident= envfrom= intl=0 id=A1253F3B0064 auth= msa=0 ] [ ip=172.21.194.240 rdns=p9mpw011.csm.fub.com helo=p9mpw011 by=sls-sn-smtp-pmail3.wachovia.com ident= envfrom= intl=0 id=m028ruM17943 auth= msa=0 ]
Re: Whitelist_from_rcvd not working
Posted by Loren Wilton <lw...@earthlink.net>.
> [9060] dbg: Botnet: starting
> [9060] dbg: Botnet: no trusted relays
> [9060] dbg: Botnet: get_relay didn't find RDNS
> [9060] dbg: Botnet: IP is '169.200.184.174'
> [9060] dbg: Botnet: RDNS is 'sls-sn-smtp-pmail3.wachovia.com'
> [9060] dbg: Botnet: HELO is 'sls-sn-smtp-pmail3.wachovia.com'
> [9060] dbg: Botnet: sender
> 'WachoviaAlerts.010208.300030609@alerts.wachovia.com'
> [9060] dbg: Botnet: miss (none)
These are Botnet plugin messages, they have nothing to do with the normal
whitelist_from_rcvd check.
> [9060] dbg: spf: def_spf_whitelist_from: already checked spf and didn't
> get
> pass, skipping whitelist check
> [9060] dbg: spf: whitelist_from_spf: already checked spf and didn't get
> pass, skipping whitelist check
This is whitelist_from_spf, not whitelist_from_rcvd, and what it concludes
here shouldn't have an effect on anything else.
> Original received header:
>
> Received: from sls-sn-smtp-pmail3.wachovia.com [169.200.184.174] by
> mail.visioncomm.net with ESMTP
> (SMTPD32-8.15) id A1253F3B0064; Wed, 02 Jan 2008 03:53:57 -0500
>
> Hacked received header:
>
> Received: from 169.200.184.174 (EHLO sls-sn-smtp-pmail3.wachovia.com
> (169.200.184.174)
> by mail.visioncomm.net with ESMTP (SMTPD32-8.15) id A1253F3B0064;
> Wed, 02 Jan 2008 03:53:57 -0500
It appears to me that there is a missing paren in the hacked header, and
probably it should have been more like
> Received: from 169.200.184.174 (EHLO sls-sn-smtp-pmail3.wachovia.com
> [169.200.184.174])
> by mail.visioncomm.net with ESMTP (SMTPD32-8.15) id A1253F3B0064;
> Wed, 02 Jan 2008 03:53:57 -0500
Moving on to other parts of the debug output that are maybe more
interesting:
[9060] dbg: metadata: X-Spam-Relays-Trusted:
There are no trusted relays.
[9060] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=169.200.184.174 rdns= helo=sls-sn-smtp-pmail3.wachovia.com by=mail.visioncomm.net ident= envfrom= intl=0 id=A1253F3B0064 auth= msa=0 ] [ ip=172.21.194.240 rdns=p9mpw011.csm.fub.com helo=p9mpw011 by=sls-sn-smtp-pmail3.wachovia.com ident= envfrom= intl=0 id=m028ruM17943 auth= msa=0 ]
The first untrusted relay (169.200.184.174) has a HELO but doesn't have an
RDNS. I'm not positive, but I think you need both to get
whitelist_from_rcvd to work.
[9060] dbg: metadata: X-Spam-Relays-Internal:
[9060] dbg: metadata: X-Spam-Relays-External: [ ip=169.200.184.174 rdns= helo=sls-sn-smtp-pmail3.wachovia.com by=mail.visioncomm.net ident= envfrom= intl=0 id=A1253F3B0064 auth= msa=0 ] [ ip=172.21.194.240 rdns=p9mpw011.csm.fub.com helo=p9mpw011 by=sls-sn-smtp-pmail3.wachovia.com ident= envfrom= intl=0 id=m028ruM17943 auth= msa=0 ]
RE: Whitelist_from_rcvd not working
Posted by Dan Barker <db...@visioncomm.net>.
I thought the received header looked funny, so I hand-typed one and got the
same result. Actually, if you look at the botnet messages (with either
header), the IP, RDNS and HELO have captured identically. I believe that
means the header was parsed correctly by SA.
The three lines in the debug log following those botnet entries may bear on
this. It says "skipping whitelist check". If an SPF failure causes
whitelist_from_rcvd to be skipped, then that's a bug. Any comments before I
move this discussion over to bugzilla?
Dan
Interesting lines (from -D with either header; full list
http://www.visioncomm.net/temp/080104Debug2.txt):
...
[9060] dbg: Botnet: starting
[9060] dbg: Botnet: no trusted relays
[9060] dbg: Botnet: get_relay didn't find RDNS
[9060] dbg: Botnet: IP is '169.200.184.174'
[9060] dbg: Botnet: RDNS is 'sls-sn-smtp-pmail3.wachovia.com'
[9060] dbg: Botnet: HELO is 'sls-sn-smtp-pmail3.wachovia.com'
[9060] dbg: Botnet: sender
'WachoviaAlerts.010208.300030609@alerts.wachovia.com'
[9060] dbg: Botnet: miss (none)
[9060] dbg: rules: ran eval rule __ENV_AND_HDR_FROM_MATCH ======> got hit
(1)
[9060] dbg: spf: def_spf_whitelist_from: already checked spf and didn't get
pass, skipping whitelist check
[9060] dbg: spf: whitelist_from_spf: already checked spf and didn't get
pass, skipping whitelist check
...
Original received header:
Received: from sls-sn-smtp-pmail3.wachovia.com [169.200.184.174] by
mail.visioncomm.net with ESMTP
(SMTPD32-8.15) id A1253F3B0064; Wed, 02 Jan 2008 03:53:57 -0500
Hacked received header:
Received: from 169.200.184.174 (EHLO sls-sn-smtp-pmail3.wachovia.com
(169.200.184.174)
by mail.visioncomm.net with ESMTP (SMTPD32-8.15) id A1253F3B0064;
Wed, 02 Jan 2008 03:53:57 -0500
User_prefs:
whitelist_from_rcvd *@wachovia.com sls-sn-smtp-pmail3.wachovia.com
whitelist_from_rcvd *@wachovia.com wachovia.com
whitelist_from_rcvd *wachovia.com wachovia.com
-----Original Message-----
From: Loren Wilton [mailto:lwilton@earthlink.net]
Sent: Friday, January 04, 2008 7:21 PM
To: users@spamassassin.apache.org
Subject: Re: Whitelist_from_rcvd not working
It occurs to me to wonder about
Received: from sls-sn-smtp-pmail3.wachovia.com [169.200.184.174] by
mail.visioncomm.net with ESMTP
I only see one symbolic wachovia name in that header. Shouldn't there be a
HELO name or the like associated with 169.200.184.174?
Loren
Re: Whitelist_from_rcvd not working
Posted by Loren Wilton <lw...@earthlink.net>.
It occurs to me to wonder about
Received: from sls-sn-smtp-pmail3.wachovia.com [169.200.184.174] by
mail.visioncomm.net with ESMTP
I only see one symbolic wachovia name in that header. Shouldn't there be a
HELO name or the like associated with 169.200.184.174?
Loren
Re: Whitelist_from_rcvd not working
Posted by Loren Wilton <lw...@earthlink.net>.
> [9420] dbg: check: is spam? score=-5.141 required=5
> [9420] dbg: check: tests=BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSWL_MED
How the heck did you get 5+ points with those tests hitting???
Content analysis details: (-0.5 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
-4.0 RCVD_IN_DNSWL_MED      RBL: Sender listed at http://www.dnswl.org/, medium trust
                            [169.200.184.174 listed in list.dnswl.org]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5095]
 0.9 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 2.0 NOT_TO_ME              Mail is not addressed to me
 0.6 HELO_MISMATCH_COM      HELO_MISMATCH_COM
This is what I get running your message with your three whitelist lines in
my user_prefs file. Essentially the same as yours, but I don't get
bayes_00, and if I take the 2.6 points off from local rules I would get
close to a -3 score, not 5.1!
Loren
RE: Whitelist_from_rcvd not working
Posted by Dan Barker <db...@visioncomm.net>.
If someone could run a -D on this email/User_prefs and send me the debug
log, I'll see where in your log whitelist_from_rcvd does something and look
at mine in the same area. It may not help but it would certainly give me a
hint (I hope).
Is there a deeper (more complete messages) version of -D to make it tell me
what SA is checking and not?
Dan
Email: http://www.visioncomm.net/temp/080104Email2.txt)
Prefs:
whitelist_from_rcvd *@wachovia.com sls-sn-smtp-pmail3.wachovia.com
whitelist_from_rcvd *@wachovia.com wachovia.com
whitelist_from_rcvd *wachovia.com wachovia.com
-----Original Message-----
From: Dan Barker [mailto:dbarker@visioncomm.net]
Sent: Friday, January 04, 2008 5:48 PM
To: users@spamassassin.apache.org
Subject: RE: Whitelist_from_rcvd not working
It's NATted. I'll add the public versions and see. (Assuming you mean
internal_networks - If you mean local_networks I'll have to do some
research<g>).
Change made:
trusted_networks 74.254.46.133/32 74.254.46.165/32 172.24.0.0/13 207.101.65.90/32
internal_networks 74.254.46.133/32 74.254.46.165/32 172.24.0.0/13
--lint OK.
No help:
[9420] dbg: check: is spam? score=-5.141 required=5
[9420] dbg: check: tests=BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSWL_MED
Dan
-----Original Message-----
From: James Wilkinson [mailto:sa-user@aprilcottage.co.uk]
Sent: Friday, January 04, 2008 5:13 PM
To: users@spamassassin.apache.org
Subject: Re: Whitelist_from_rcvd not working
Dan Barker wrote:
> My whitelist_from_rcvd tags don't hit. I believe this has been
> happening since my upgrade from 3.1.7 to 3.2.3.
<snip>
> Just in case there is something [else] I've done silly, my local.cf is
> at
> http://www.visioncomm.net/temp/080104Local.txt):
Here's what may be a thoroughly stupid question -- what does your local
network look like?
$ host mail.visioncomm.net
mail.visioncomm.net has address 74.254.46.133
Is that server behind a NAT router, or does it actually have that IP address
configured? If so, what happens if you add 74.254.46.133 to local_networks
and trusted_networks?
Hope this helps,
James.
--
E-mail: james@ | "Right lads, we've got 45 minutes to score 37 goals.
aprilcottage.co.uk | No problem with that -- the other team just did."
RE: Whitelist_from_rcvd not working
Posted by Dan Barker <db...@visioncomm.net>.
It's NATted. I'll add the public versions and see. (Assuming you mean
internal_networks - If you mean local_networks I'll have to do some
research<g>).
Change made:
trusted_networks 74.254.46.133/32 74.254.46.165/32 172.24.0.0/13 207.101.65.90/32
internal_networks 74.254.46.133/32 74.254.46.165/32 172.24.0.0/13
--lint OK.
No help:
[9420] dbg: check: is spam? score=-5.141 required=5
[9420] dbg: check: tests=BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSWL_MED
Dan
-----Original Message-----
From: James Wilkinson [mailto:sa-user@aprilcottage.co.uk]
Sent: Friday, January 04, 2008 5:13 PM
To: users@spamassassin.apache.org
Subject: Re: Whitelist_from_rcvd not working
Dan Barker wrote:
> My whitelist_from_rcvd tags don't hit. I believe this has been
> happening since my upgrade from 3.1.7 to 3.2.3.
<snip>
> Just in case there is something [else] I've done silly, my local.cf is
> at
> http://www.visioncomm.net/temp/080104Local.txt):
Here's what may be a thoroughly stupid question -- what does your local
network look like?
$ host mail.visioncomm.net
mail.visioncomm.net has address 74.254.46.133
Is that server behind a NAT router, or does it actually have that IP address
configured? If so, what happens if you add 74.254.46.133 to local_networks
and trusted_networks?
Hope this helps,
James.
--
E-mail: james@ | "Right lads, we've got 45 minutes to score 37 goals.
aprilcottage.co.uk | No problem with that -- the other team just did."
Re: Whitelist_from_rcvd not working
Posted by James Wilkinson <sa...@aprilcottage.co.uk>.
Dan Barker wrote:
> My whitelist_from_rcvd tags don't hit. I believe this has been happening
> since my upgrade from 3.1.7 to 3.2.3.
<snip>
> Just in case there is something [else] I've done silly, my local.cf is at
> http://www.visioncomm.net/temp/080104Local.txt):
Here's what may be a thoroughly stupid question -- what does your local
network look like?
$ host mail.visioncomm.net
mail.visioncomm.net has address 74.254.46.133
Is that server behind a NAT router, or does it actually have that IP
address configured? If so, what happens if you add 74.254.46.133 to
local_networks and trusted_networks?
Hope this helps,
James.
--
E-mail: james@ | "Right lads, we've got 45 minutes to score 37 goals.
aprilcottage.co.uk | No problem with that -- the other team just did."