Posted to users@spamassassin.apache.org by WFGB Team <we...@spectacularstuff.com> on 2006/05/20 16:53:02 UTC
Re: SPAM-LOW: Re: Spam Assassin Detecting our emails as spam
Thank you for all of the suggestions and comments.
[[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]]]]]]]
A) But probably your server failed to indicate in its received headers that
the mail from the dynamic IP was authenticated, or SA failed to parse the
received header
B) Don't use a dial-up and send direct? {o.o}
C) Read about trusted_networks and internal_networks in the
Mail::SpamAssassin::Conf man page. These parameters go into your
Local.cf configuration file.
[[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]]]]]]]
[My Replies]
A) There are 4 main things wrong. Is there the error failing to parse the
received header for all of them?
How do I change that if that is the case? I am using SmarterMail if anyone
is familiar with it.
How do I get SA to parse the received header if that is the case?
I have placed a header below.
B) We are not using a dial-up. What do you mean send direct?
We have an IP for our server and we have our mail server on the same box
using a different IP.
We have reverse DNS turned on for both IPs.
C) I have been searching for a manual everywhere for Windows. I cannot find
one.
I am on a Windows system and do not have access to the man command.
[This header to an email being picked up as spam and below it is the SA
points]
Received: from localhost by Server-Name-Removed
    With SpamAssassin (version 3.1.1);
    Tue, 16 May 2006 22:26:26 -0500
From: "Spectacular Stuff" <email-address-removed>
To: <94...@message.alltel.com>
Subject: SPAM: Re: your alltel email message
Date: Tue, 16 May 2006 23:25:54 -0400 (Eastern Daylight Time)
Message-Id: <44...@RANDY>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on DEDE143
X-Spam-Level: *********
X-Spam-Status: Yes, score=9.9 required=8.0 tests=AWL,HELO_DYNAMIC_IPADDR
    HTML_MESSAGE,HTML_TAG_EXIST_TBODY,NO_DNS_FOR_FROM,RCVD_IN_NJABL_DUL
    RCVD_IN_SORBS_DUL autolearn=no version=3.1.1
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_446A97E2.4BEC0000"
X-SmarterMail-Spam: SPF_None
X-Rcpt-To: <email-address-removed>
[SA Points]
Content analysis details: (9.9 points, 8.0 required)
 Pts rule name              description
---- ---------------------- --------------------------------------------------
 3.4 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP addr1)
 0.1 HTML_TAG_EXIST_TBODY   BODY: HTML has "tbody" tag
 0.0 HTML_MESSAGE           BODY: HTML included in message
 2.6 NO_DNS_FOR_FROM        DNS: Envelope sender has no MX or A DNS records
 2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [68.56.175.199 listed in dnsbl.sorbs.net]
 1.7 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                            [68.56.175.199 listed in combined.njabl.org]
 0.1 AWL                    AWL: From: address is in the auto white-list
Wayne
-------Original Message-------
From: hamann.w@t-online.de
Date: 05/20/06 02:46:01
To: spectacularstuff
Cc: users@spamassassin.apache.org
Subject: SPAM-LOW: Re: Spam Assassin Detecting our emails as spam
>> I have just set up Spam Assassin on our server.
>> It is working very nicely however whenever we try to send an email from our
>> own server to someone else on the same server, it gets picked up as spam.
>>
>> I am wondering if anyone here has experience with Spam Assassin and can help
>> me fix the issues below as I don't know what they mean exactly.
>>
>> I have spam assassin set to detect at 8 points whether or not an email is
>> spam. We are way over that because of the following reasons.
>>
>> What do I have to fix on our server to fix the 4 issues below?
>>
>> 1. We are losing 3.4 points because of HELO_DYNAMIC_IPADDR.
>>
>> 2. We are losing 2.6 points because of NO_DNS_FOR_FROM.
>>
>> 3. We are losing 2.0 points because of RCVD_IN_SORBS_DUL.
>>
>> 4. We are losing 1.7 points because of RCVD_IN_NJABL_DUL.
>>
Hi,
you did not show the full headers - but probably your server failed to
indicate in its Received headers that the mail from the dynamic IP was
authenticated, or SA failed to parse the received header.
Wolfgang Hamann
Re: "Vouching" for mail from a dynamic IP
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 5/22/2006 12:16 PM, Kenneth Porter wrote:
> --On Saturday, May 20, 2006 4:54 PM -0700 jdow <jd...@earthlink.net> wrote:
>
>> Looking at your own email it comes from a COMCAST cable connection
>> in Palmer Ranch Florida through the WFGB mailer. The WFGB mailer is
>> not in SORBS anywhere. YOUR address most certainly is a dialup. So
>> it WILL get tagged unless your mail goes through a machine that
>> properly vouches for it. 68.32.0.0/11 (68.32.0.0-68.63.255.255) is
>> a dynamic IP netblock.
>
>
> How does another machine "properly vouch for it"? If I route my mail to
> a colocated host under my control, how do I make that host vouch for the
> mail from my house?
There's no vouching. SpamAssassin simply looks for one relay between
your network and the sender. If there isn't a relay between the two
(that is the sender sent mail directly to your MX) the mail is treated
as direct-to-MX and its IP is looked up in various blacklists.
Normally a sender would relay through their own mail server which would
then relay the mail to your MX, thus avoiding having the sender's
(end-user's MUA) IP looked up... their mail relay would be looked up though.
When you're sending mail to your own domain which uses the same mail
server for everything this relay between the client and your MX doesn't
exist and you run into the problem described. As previously noted in
this thread, it is explained here:
http://wiki.apache.org/spamassassin/DynablockIssues
Daryl
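
A simplified model of the relay check described in the post above, written as an added example (it is not SpamAssassin's own code and not part of any post in this thread). It counts the relays outside your own network and shows which IP a dynamic-IP list check would look at. The 192.0.2.0/24 internal network, the 198.51.100.25 relay and all hostnames are constructed placeholders; 68.56.175.199 and 68.32.0.0/11 are the values quoted in the thread.

```python
import ipaddress
import re

# Assumption: 192.0.2.0/24 stands in for the mail server's own network.
INTERNAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24"),
                     ipaddress.ip_network("127.0.0.0/8")]
# Dynamic netblock named in the thread; a real check queries a DNSBL instead.
DYNAMIC_BLOCKS = [ipaddress.ip_network("68.32.0.0/11")]

_IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(received_headers):
    """Return the connecting IP of each Received header, newest hop first."""
    ips = []
    for header in received_headers:
        match = _IP_IN_BRACKETS.search(header)
        if match:
            ips.append(ipaddress.ip_address(match.group(1)))
    return ips


def in_any(ip, networks):
    return any(ip in net for net in networks)


def dynamic_list_candidates(received_headers):
    """IPs that a dynamic-IP list check would look up in this model."""
    external = [ip for ip in relay_ips(received_headers)
                if not in_any(ip, INTERNAL_NETWORKS)]
    if len(external) > 1:
        # A relay sits between the sender and our network: the originating
        # client (oldest hop) is skipped and only the relays are looked up.
        external = external[:-1]
    # With exactly one external hop the mail is direct-to-MX and that
    # client IP itself is looked up.
    return external


def flagged_as_dynamic(received_headers):
    """Candidate IPs that fall inside a known dynamic netblock."""
    return [str(ip) for ip in dynamic_list_candidates(received_headers)
            if in_any(ip, DYNAMIC_BLOCKS)]


# Constructed Received chains, newest hop first.
DIRECT_TO_MX = [
    "from client.example (client.example [68.56.175.199]) by mx.example.org",
]
VIA_RELAY = [
    "from relay.example.net (relay.example.net [198.51.100.25]) by mx.example.org",
    "from client.example (client.example [68.56.175.199]) by relay.example.net",
]
VIA_TUNNEL = ["from localhost (localhost [127.0.0.1]) by mx.example.org"]
```
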
Re: "Vouching" for mail from a dynamic IP (was: SPAM-LOW: Re: Spam
Assassin Detecting our emails as spam)
Posted by "John D. Hardin" <jh...@impsec.org>.
On Mon, 22 May 2006, Kenneth Porter wrote:
> On Monday, May 22, 2006 12:28 PM -0700 "John D. Hardin"
> <jh...@impsec.org> wrote:
>
> > Send it over an ssh tunnel so that to the MTA it appears to be coming
> > from 127.0.0.1. That's how I do it.
>
> Any way to do that with sendmail at both ends?
Yep, hang on while I troll my configs, it's been a while since I
set this up...
...you need to change the A= option on the "relay" mailer. All
non-local mail will automatically go via that mailer:
Mrelay,		P=[IPC], F=mDFMuXa8, S=11/31, R=61, E=\r\n, L=2040,
		T=DNS/RFC822/SMTP,
		A=IPC [10.1.0.254] 25001
10.1.0.254 is the home end of my ssh tunnel to my hosted server, and
it forwards port 25001 to port 25 on the hosted server. If you're
running the ssh client directly on your mailserver, it would be:
A=IPC [127.0.0.1] 25001
The other mailers (smtp, esmtp, smtp8) might also need changing
"A=IPC $h" to the above, but I haven't needed to do that here.
> Currently I use an AuthInfo entry in the sending MTA's access DB,
> and a mailertable entry (or smarthost in sendmail.mc) to direct
> mail to the receiving MTA for domains that don't like dynamic
> senders. So the dynamic IP in the Received headers should show up
> as authenticated for the host with static IP.
Eh, just send *all* of your outbound mail via your hosted server (it's
at a static IP address, right?) and don't worry about custom configs
to get around people with dynamic-IP blocks.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The problem is when people look at Yahoo, slashdot, or groklaw and
jump from obvious and correct observations like "Oh my God, this
place is teeming with utter morons" to incorrect conclusions like
"there's nothing of value here". -- Al Petrofsky, in Y! SCOX
-----------------------------------------------------------------------
Re: "Vouching" for mail from a dynamic IP (was: SPAM-LOW: Re: Spam
Assassin Detecting our emails as spam)
Posted by Kenneth Porter <sh...@sewingwitch.com>.
On Monday, May 22, 2006 12:28 PM -0700 "John D. Hardin"
<jh...@impsec.org> wrote:
> Send it over an ssh tunnel so that to the MTA it appears to be coming
> from 127.0.0.1. That's how I do it.
Any way to do that with sendmail at both ends? Currently I use an AuthInfo
entry in the sending MTA's access DB, and a mailertable entry (or smarthost
in sendmail.mc) to direct mail to the receiving MTA for domains that don't
like dynamic senders. So the dynamic IP in the Received headers should show
up as authenticated for the host with static IP.
Re: "Vouching" for mail from a dynamic IP (was: SPAM-LOW: Re: Spam
Assassin Detecting our emails as spam)
Posted by "John D. Hardin" <jh...@impsec.org>.
On Mon, 22 May 2006, Kenneth Porter wrote:
> How does another machine "properly vouch for it"? If I route my mail to a
> colocated host under my control, how do I make that host vouch for the mail
> from my house?
Send it over an ssh tunnel so that to the MTA it appears to be coming
from 127.0.0.1. That's how I do it.
"Vouching" for mail from a dynamic IP (was: SPAM-LOW: Re: Spam
Assassin Detecting our emails as spam)
Posted by Kenneth Porter <sh...@sewingwitch.com>.
--On Saturday, May 20, 2006 4:54 PM -0700 jdow <jd...@earthlink.net> wrote:
> Looking at your own email it comes from a COMCAST cable connection
> in Palmer Ranch Florida through the WFGB mailer. The WFGB mailer is
> not in SORBS anywhere. YOUR address most certainly is a dialup. So
> it WILL get tagged unless your mail goes through a machine that
> properly vouches for it. 68.32.0.0/11 (68.32.0.0-68.63.255.255) is
> a dynamic IP netblock.
How does another machine "properly vouch for it"? If I route my mail to a
colocated host under my control, how do I make that host vouch for the mail
from my house?
Re: Spam Assassin Detecting our emails as spam
Posted by spectacularstuff <we...@spectacularstuff.com>.
Okay....
Please forgive my ignorance here as I am attempting to absorb and understand
all of this.
I am presuming the meaning of dialup here is not the same as a dialup ISP
such as Juno or Netzero, etc etc etc. because all of our people on the
server are on high-speed internet and not dialup accounts.
[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]
A major question you never answered is whether it is your own site filtering
outbound mail or other sites that are declaring your email to be spam.
[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]
[My Reply]
If someone that has an email @spectacularstuff.com sends an email to someone
else that has an email @spectacularstuff.com, the email will get marked as
spam because of those things mentioned in my previous emails.
That is what I am trying to prevent. To get around the issue, I have raised
the bar on SPAM from 8 points to 11 points. This is allowing more spam to
get through but also allowing our emails to get through.
Let me ask a more direct question because I don't have all of the knowledge
yet to understand some of the answers being given. They are more confusing
to me than anything.
Just working on 1 thing right now.
If I send an email to another domain on our own server I will get the
following:
3.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr1)
What do I have to do or change on the server so that doesn't happen?
Thanks,
Wayne
Re: SPAM-LOW: Re: Spam Assassin Detecting our emails as spam
Posted by jdow <jd...@earthlink.net>.
The messages getting tagged most positively are on a segment of addresses
that are tagged as dynamically assigned addresses, colloquially called
dialup addresses in the anti-spam community. That is what these mean:
RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL
This is good for several points on any spam checking engine if they do
not go through an emailer that vouches for them.
A major question you never answered is whether it is your own site
filtering outbound mail or other sites that are declaring your email
to be spam.
Looking at your own email it comes from a COMCAST cable connection
in Palmer Ranch Florida through the WFGB mailer. The WFGB mailer is
not in SORBS anywhere. YOUR address most certainly is a dialup. So
it WILL get tagged unless your mail goes through a machine that
properly vouches for it. 68.32.0.0/11 (68.32.0.0-68.63.255.255) is
a dynamic IP netblock.
{^_^}