Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2013/03/18 11:28:45 UTC

[Bug 6919] New: RDNS_DYNAMIC / HELO_DYNAMIC_IPADDR overshoot with generic dedicated server hosting RDNS

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6919

            Bug ID: 6919
           Summary: RDNS_DYNAMIC / HELO_DYNAMIC_IPADDR overshoot with
                    generic dedicated server hosting RDNS
           Product: Spamassassin
           Version: 3.3.1
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Rules
          Assignee: dev@spamassassin.apache.org
          Reporter: chris@filoo.de
    Classification: Unclassified

The rules 
 0.4 RDNS_DYNAMIC           Delivered to internal network by host with
                            dynamic-looking rDNS
 3.2 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP addr
                            1)
match on the generic RDNS that is issued by many hosting and colocation
providers, in this case the German company HostEurope:

Received: from ds80-237-211-109.dedicated.hosteurope.de
(ds80-237-211-109.dedicated.hosteurope.de [80.237.211.109])

The machine in question is a dedicated server with a fixed IP address and very
unlikely to have a DynIP. 

This overshoot combined with the relatively high score is responsible for some
false positives on our setup.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 6919] RDNS_DYNAMIC / HELO_DYNAMIC_IPADDR overshoot with generic dedicated server hosting RDNS

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6919

Joe Quinn <jq...@pccc.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jquinn+SAbug@pccc.com
         Resolution|WONTFIX                     |FIXED

--- Comment #12 from Joe Quinn <jq...@pccc.com> ---
John Wilcock definitely has the right fix here. Agreed with Kevin that this
rule is too useful to make fundamental changes to, and it looks like someone
has already considered this very problem. It's simple enough of a change that I
feel okay with changing WONTFIX to FIXED.

I'm committing the addition of 'dedicated' to the static IP check, and that
should hopefully be a while before we get another outlier naming scheme to
account for.

Revision 1639062.
Added dedicated to list of static IP indicators for RDNS_DYNAMIC - bug 6919


[Bug 6919] RDNS_DYNAMIC / HELO_DYNAMIC_IPADDR overshoot with generic dedicated server hosting RDNS

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6919

Steve Freegard <st...@stevefreegard.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |steve@stevefreegard.com

--- Comment #9 from Steve Freegard <st...@stevefreegard.com> ---
Maybe the answer here is to try and separate dynamic vs. generic in the
RDNS_DYNAMIC rule into separate rules and mass-check them to see what effect it
has.   We might even find that RDNS_DYNAMIC can actually get a decent score
afterwards.

However I don't think we should do the same with HELO_DYNAMIC_IPADDR as this is
a good spam sign and is scored accordingly (I'm frankly surprised the corpus
doesn't contain more examples of this).  A rename to HELO_GENERIC_IPADDR might
be more appropriate.   

I can think of a few reasons why an admin wouldn't change the machine hostname
(and therefore the EHLO/HELO used) to something that isn't generic and none of
them are particularly good reasons.


[Bug 6919] RDNS_DYNAMIC / HELO_DYNAMIC_IPADDR overshoot with generic dedicated server hosting RDNS

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6919

--- Comment #11 from Steve Freegard <st...@stevefreegard.com> ---
Resurrecting an old ticket...

Just cleaning out my sandbox and noticed I'd checked some rules in for this:

0     5.2176     0.2768     0.950     0.70     0.01    T_BUG6919_RDNS_GENERIC
0     4.3810     0.1886     0.959     0.73     0.01    T_BUG6919_RDNS_DYNAMIC
0     4.4371     0.5523     0.889     0.61     2.64    RDNS_DYNAMIC

Thoughts anyone?


[Bug 6919] RDNS_DYNAMIC / HELO_DYNAMIC_IPADDR overshoot with generic dedicated server hosting RDNS

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6919

--- Comment #8 from AXB <ax...@gmail.com> ---
(In reply to comment #5)
> I think an argument could be made that the "dedicated" in the host name
> kinda negates the appropriateness of a hit by a /Dynamic IP/ rule...

maybe this rule should be renamed to GENERIC ?


[Bug 6919] RDNS_DYNAMIC / HELO_DYNAMIC_IPADDR overshoot with generic dedicated server hosting RDNS

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6919

--- Comment #3 from AXB <ax...@gmail.com> ---
(In reply to comment #2)
> Those two workarounds are invalid and fix neither my nor anyone else's
> problem. 
> 
> 1. I know numerous hosters/ISPs who assign generic RDNS entries. This is, by
> the way, a perfectly valid and RFC conformant approach if FDNS and RDNS
> match, as is the case for ds80-237-211-109.dedicated.hosteurope.de et al.
> It's not my or anyone's place to tell them to stop this correct practice
> because it causes a false positive in some SA rule. 
> 
> 2. I do not trust the IP assignments by HostEurope to be spam-free,
> therefore they have no place in my trusted_networks. What I want, however,
> is that mails originating from these networks are not wrongly marked as spam
> due to overshoot in a SpamAssassin rule.

It's legitimate, nobody argues about that. It's also legitimate to assign a
score, even a high one, for neglected configs.
Now if a server admin prefers to keep a generic pattern he's in for surprises.
Not only SA tags with generic patterns. It's becoming common practice to reject
mail from PTRs which are not in the sender's domain.

so what you want may not be the best for the rest.


[Bug 6919] RDNS_DYNAMIC / HELO_DYNAMIC_IPADDR overshoot with generic dedicated server hosting RDNS

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6919

Kevin A. McGrail <km...@pccc.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |kmcgrail@pccc.com
         Resolution|---                         |WONTFIX

--- Comment #4 from Kevin A. McGrail <km...@pccc.com> ---
We find this as a score indicative of spam.  If you don't like it in your
setup, feel free to lower the scores.  However, I recommend to all legitimate
mailers that you get logical, non-generic rPTRs configured for all of your mail
servers.

Regards,
KAM


[Bug 6919] RDNS_DYNAMIC / HELO_DYNAMIC_IPADDR overshoot with generic dedicated server hosting RDNS

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6919

--- Comment #6 from chris@filoo.de ---
Exactly, John. The rules specifically say "DYNAMIC" and as such, they are not
accurate. 
I fully agree that mail coming from a dynamic IP address is usually suspicious.
However, in this case the rule is clearly wrong (and I presume there are dozens
of other cases).

I think the rule is incorrectly scored with regards to its accuracy. And I
don't think this is a local issue, either. I will rescore it locally and if you
WONTFIX, you WONTFIX. I said my piece. :)


[Bug 6919] RDNS_DYNAMIC / HELO_DYNAMIC_IPADDR overshoot with generic dedicated server hosting RDNS

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6919

chris@filoo.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |chris@filoo.de

--- Comment #2 from chris@filoo.de ---
Those two workarounds are invalid and fix neither my nor anyone else's problem. 

1. I know numerous hosters/ISPs who assign generic RDNS entries. This is, by
the way, a perfectly valid and RFC conformant approach if FDNS and RDNS match,
as is the case for ds80-237-211-109.dedicated.hosteurope.de et al. It's not my
or anyone's place to tell them to stop this correct practice because it causes
a false positive in some SA rule. 

2. I do not trust the IP assignments by HostEurope to be spam-free, therefore
they have no place in my trusted_networks. What I want, however, is that mails
originating from these networks are not wrongly marked as spam due to overshoot
in a SpamAssassin rule.


[Bug 6919] RDNS_DYNAMIC / HELO_DYNAMIC_IPADDR overshoot with generic dedicated server hosting RDNS

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6919

Benny Pedersen <me...@junc.eu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |me@junc.eu

--- Comment #1 from Benny Pedersen <me...@junc.eu> ---
add 80.237.211.0 - 80.237.211.127 to trusted_networks in local.cf

or ask koeln <AT> hosteurope.de to set reverse dns PTR without ips

it's not a spamassassin solution needed


[Bug 6919] RDNS_DYNAMIC / HELO_DYNAMIC_IPADDR overshoot with generic dedicated server hosting RDNS

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6919

John Wilcock <jo...@tradoc.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |john@tradoc.fr

--- Comment #7 from John Wilcock <jo...@tradoc.fr> ---
(In reply to comment #5)
> I think an argument could be made that the "dedicated" in the host name
> kinda negates the appropriateness of a hit by a /Dynamic IP/ rule...

Conceivably, the word "dedicated" could be added to: 
header  __RDNS_STATIC  X-Spam-Relays-External =~ /^[^\]]+ rdns=\S*(?:fix|static|fixip)/i

I can't see such a change causing any FNs, though whether this is "worth it"
depends how many hosting companies use this scheme without offering
configurable rDNS!

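Added example (not part of the original thread, and not SpamAssassin's own rule code): the __RDNS_STATIC pattern quoted in comment #7, run in Python against constructed X-Spam-Relays-External entries, with and without "dedicated" in the alternation. The looks_ip_derived() check, the relay() helper, the by= host and the 192.0.2.45 / 198.51.100.7 relays are assumptions made for illustration; the page quotes neither the dynamic-rDNS sub-rules nor the committed form of the regex.

```python
import re

# Pattern quoted in comment #7, with the mail line wrap rejoined by one space.
RDNS_STATIC_OLD = re.compile(r"^[^\]]+ rdns=\S*(?:fix|static|fixip)", re.I)
# Same pattern with 'dedicated' added, as the thread proposes. The exact
# committed form (revision 1639062) is not shown on the page.
RDNS_STATIC_NEW = re.compile(
    r"^[^\]]+ rdns=\S*(?:fix|static|fixip|dedicated)", re.I)

def looks_ip_derived(ip, rdns):
    """Assumed stand-in for the 'dynamic-looking rDNS' sub-rules:
    every octet of the relay IP appears as a number in its rDNS name."""
    return all(re.search(r"(?<!\d)%s(?!\d)" % octet, rdns)
               for octet in ip.split("."))

def relay(ip, rdns, helo):
    """Build one constructed X-Spam-Relays-External entry."""
    return ("[ ip=%s rdns=%s helo=%s by=mx.example.org ident= envfrom= "
            "intl=0 id= auth= msa=0 ]" % (ip, rdns, helo))

def first_relay(meta):
    """Return (ip, rdns) of the first, i.e. most recent external, relay."""
    m = re.match(r"\[ ip=(\S+) rdns=(\S*) ", meta)
    return m.group(1), m.group(2)

def rdns_dynamic_hits(meta, static_re):
    """Simplified meta rule: dynamic-looking rDNS and no static indicator."""
    ip, rdns = first_relay(meta)
    return looks_ip_derived(ip, rdns) and not static_re.search(meta)

# Relay taken from the Received header in the bug report.
HOSTEUROPE = relay("80.237.211.109",
                   "ds80-237-211-109.dedicated.hosteurope.de",
                   "ds80-237-211-109.dedicated.hosteurope.de")
# Constructed relay with an IP-derived name and no static indicator.
DYN = relay("192.0.2.45", "45.2.0.192.dyn.example.net", "localhost")
# Constructed two-hop chain: '^[^\]]+' cannot cross the first ']', so a
# static-looking name on the second relay does not exempt the first one.
CHAIN = DYN + " " + relay("198.51.100.7", "static-7.example.com",
                          "static-7.example.com")

if __name__ == "__main__":
    for name, meta in (("hosteurope", HOSTEUROPE), ("dyn", DYN),
                       ("chain", CHAIN)):
        print(name,
              "old:", rdns_dynamic_hits(meta, RDNS_STATIC_OLD),
              "new:", rdns_dynamic_hits(meta, RDNS_STATIC_NEW))
```

Only the HostEurope relay changes outcome between the two patterns; the IP-derived names without a static indicator are still flagged.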

[Bug 6919] RDNS_DYNAMIC / HELO_DYNAMIC_IPADDR overshoot with generic dedicated server hosting RDNS

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6919

--- Comment #10 from Steve Freegard <st...@stevefreegard.com> ---
(In reply to comment #9)
> Maybe the answer here is to try and separate dynamic vs. generic in the
> RDNS_DYNAMIC rule into separate rules and mass-check them to see what effect
> it has.   We might even find that RDNS_DYNAMIC can actually get a decent
> score afterwards.

After some tweaking - I've improved RDNS_DYNAMIC on my own corpus:

  0.669   2.0254   0.0000    1.000   0.68    0.00  BUG6919_RDNS_DYNAMIC
  2.456   4.4740   1.4605    0.754   0.52    0.00  BUG6919_RDNS_GENERIC
  2.206   3.7183   1.4605    0.718   0.47    2.64  RDNS_DYNAMIC

I've just checked these improved rules into my sandbox for the next run.


[Bug 6919] RDNS_DYNAMIC / HELO_DYNAMIC_IPADDR overshoot with generic dedicated server hosting RDNS

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6919

John Hardin <jh...@impsec.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jhardin@impsec.org

--- Comment #5 from John Hardin <jh...@impsec.org> ---
I think an argument could be made that the "dedicated" in the host name kinda
negates the appropriateness of a hit by a /Dynamic IP/ rule...
