You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2004/01/24 00:31:36 UTC
Re: Incorrectly identified BSP messages
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"John Hall" writes:
>I have seen a couple of pieces of spam that SpamAssassin has identified,
>but have matched the RCVD_IN_BSP_TRUSTED rule. I've therefore reported
>them to bondedsender.com. However, they say that none of the mail hops
>are in their whitelist.
>
>Looking more closely at the SpamAssassin report, something odd is going
>on:
>
>-4.3 RCVD_IN_BSP_TRUSTED RBL: Sender is in Bonded Sender Program
> (trusted relay)
> [4.46.142.76 listed in dnsbl.sorbs.net]
>
>The rule is being triggered because the IP address is in
>dnsbl.sorbs.net, whereas the BSP dns list is at
>sa-trusted.bondedsender.org.
>
>I've seen this with both SA 2.60 and 2.63.
! bizarre.
Have you got a message this occurs with reproducably? We would be
interested in a bug report if so at http://bugzilla.SpamAssassin.org/ .
It sounds a lot like, er, sunspots. ;)
- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFAEa7XQTcbUG5Y7woRAiRVAKCQmLzDgNmX9UAlpScjr57xf0i1dgCghmqt
80bn+IHwGU0YdYkUZyZlYcc=
=H1AH
-----END PGP SIGNATURE-----
Re: Incorrectly identified BSP messages
Posted by John Hall <jo...@cambridgetechgroup.com>.
On 23 January 2004 23:32, Justin Mason <jm...@jmason.org> wrote:
> "John Hall" writes:
> >I have seen a couple of pieces of spam that SpamAssassin has
> >identified, but have matched the RCVD_IN_BSP_TRUSTED rule. I've
> >therefore reported them to bondedsender.com. However, they say that
> >none of the mail hops are in their whitelist.
> ! bizarre.
>
> Have you got a message this occurs with reproducably? We would be
> interested in a bug report if so at http://bugzilla.SpamAssassin.org/
> . It sounds a lot like, er, sunspots. ;)
Unfortunately it seems non-reproducable. The DNS scores in the original
message report were:
pts rule name description
---- ---------------------- ------------------------------------------------
--
0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
[4.46.142.76 listed in dnsbl.sorbs.net]
-4.3 RCVD_IN_BSP_TRUSTED RBL: Sender is in Bonded Sender Program (trusted
relay)
[4.46.142.76 listed in dnsbl.sorbs.net]
0.7 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?ip=4.46.142.76>]
1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see
<http://www.spamcop.net/bl.shtml?4.46.142.76>]
2.6 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
[4.46.142.76 listed in dnsbl.sorbs.net]
But running it manually through spamassassin now only gives:
pts rule name description
---- ---------------------- ------------------------------------------------
--
0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
[4.46.142.76 listed in dnsbl.sorbs.net]
0.7 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?ip=4.46.142.76>]
1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see
<http://www.spamcop.net/bl.shtml?4.46.142.76>]
2.6 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
[4.46.142.76 listed in dnsbl.sorbs.net]
So the BSP score has mysteriously disappeared.
Regards,
John