You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/06/09 23:42:59 UTC
[Bug 3496] New: rbl checks being applied to first hop
http://bugzilla.spamassassin.org/show_bug.cgi?id=3496
Summary: rbl checks being applied to first hop
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Rules (Eval Tests)
AssignedTo: spamassassin-dev@incubator.apache.org
ReportedBy: nneul@umr.edu
I've got local mail sent from a local client - through our smtp server. Client
ip is on the dialup/dynamic rbls. SA is getting hits on those rbls.
The only log entries that seem interesting are the ones from SPF that say it was
delivered entirely by trusted relays, and the one about being unable to parse
IPv4 address...
Am I misunderstanding something here? this behavior does not exist in a trunk
snapshot from 2004-03-29.
Here's the trace from spamd:
Jun 9 16:30:18 spamtest spamd[8224]: got connection over
/local/spamassassin/tmp/spamd.sock
Jun 9 16:30:18 spamtest spamd[8224]: debug: Conf::SQL: executing SQL: select
preference, value from userpref where username = 'nneul@msx.umr.edu' or
username = '@GLOBAL' order by username asc
Jun 9 16:30:18 spamtest spamd[8224]: debug: retrieving prefs for
nneul@msx.umr.edu from SQL server
Jun 9 16:30:18 spamtest spamd[8224]: debug: user has changed
Jun 9 16:30:18 spamtest spamd[8224]: debug: Score set 1 chosen.
Jun 9 16:30:18 spamtest spamd[8224]: processing message
<20...@smtp.umr.edu> for nneul@msx.umr.edu:23236.
Jun 9 16:30:18 spamtest spamd[8224]: debug: received-header: could not parse
IPv4 address, assuming IPv6
Jun 9 16:30:18 spamtest spamd[8224]: debug: received-header: parsed as [
ip=131.151.93.80 rdns=r08itlaptop.ddns.umr.edu helo=me.umr.edu by=smtp.umr.edu
ident= envfrom= intl=0 id=i59LSfHF025467 ]
Jun 9 16:30:18 spamtest spamd[8224]: debug: is Net::DNS::Resolver available? yes
Jun 9 16:30:18 spamtest spamd[8224]: debug: Net::DNS version: 0.38
Jun 9 16:30:18 spamtest spamd[8224]: debug: looking up A records for
'smtp.umr.edu'
Jun 9 16:30:18 spamtest spamd[8224]: debug: A records for 'smtp.umr.edu':
131.151.1.120 131.151.1.89
Jun 9 16:30:18 spamtest spamd[8224]: debug: received-header: 'from'
131.151.93.80 is near to first 'by'
Jun 9 16:30:18 spamtest spamd[8224]: debug: received-header: relay
131.151.93.80 trusted? yes internal? no
Jun 9 16:30:18 spamtest spamd[8224]: debug: metadata: X-Spam-Relays-Trusted: [
ip=131.151.93.80 rdns=r08itlaptop.ddns.umr.edu helo=me.umr.edu by=smtp.umr.edu
ident= envfrom= intl=0 id=i59LSfHF025467 ]
Jun 9 16:30:18 spamtest spamd[8224]: debug: metadata: X-Spam-Relays-Untrusted:
Jun 9 16:30:18 spamtest spamd[8224]: debug: ---- MIME PARSER START ----
Jun 9 16:30:18 spamtest spamd[8224]: debug: main message type: text/plain
Jun 9 16:30:18 spamtest spamd[8224]: debug: parsing normal part
Jun 9 16:30:18 spamtest spamd[8224]: debug: added part, type: text/plain
Jun 9 16:30:18 spamtest spamd[8224]: debug: ---- MIME PARSER END ----
Jun 9 16:30:18 spamtest spamd[8224]: debug: decoding: no encoding detected
Jun 9 16:30:18 spamtest spamd[8224]: debug: Message too short for language
analysis
Jun 9 16:30:18 spamtest spamd[8224]: debug: is Net::DNS::Resolver available? yes
Jun 9 16:30:18 spamtest spamd[8224]: debug: Net::DNS version: 0.38
Jun 9 16:30:18 spamtest spamd[8224]: debug: all '*From' addrs: rwa@umr.edu
Jun 9 16:30:18 spamtest spamd[8224]: debug: Running tests for priority: 0
Jun 9 16:30:18 spamtest spamd[8224]: debug: running header regexp tests; score
so far=0
Jun 9 16:30:18 spamtest spamd[8224]: debug: all '*To' addrs: nneul@umr.edu
Jun 9 16:30:18 spamtest spamd[8224]: debug: SPF: message was delivered entirely
via trusted relays, not required
Jun 9 16:30:18 spamtest spamd[8224]: debug: SPF: message was delivered entirely
via trusted relays, not required
Jun 9 16:30:18 spamtest spamd[8224]: debug: running body-text per-line regexp
tests; score so far=-0.714
Jun 9 16:30:18 spamtest spamd[8224]: debug: running uri tests; score so far=-0.714
Jun 9 16:30:19 spamtest spamd[8224]: debug: Razor2 is available
Jun 9 16:30:19 spamtest spamd[8224]: debug: entering helper-app run mode
Jun 9 16:30:19 spamtest spamd[8224]: debug: Using results from Razor v2.36
Jun 9 16:30:19 spamtest spamd[8224]: debug: Found Razor2 part: part=0 engine=4
ct=0 cf=0
Jun 9 16:30:19 spamtest spamd[8224]: debug: leaving helper-app run mode
Jun 9 16:30:19 spamtest spamd[8224]: debug: Razor2 results: spam? 0 highest cf
score: 0
Jun 9 16:30:19 spamtest spamd[8224]: debug: running raw-body-text per-line
regexp tests; score so far=-0.714
Jun 9 16:30:19 spamtest spamd[8224]: debug: running full-text regexp tests;
score so far=-0.714
Jun 9 16:30:19 spamtest spamd[8224]: debug: Pyzor is not available: pyzor not
found
Jun 9 16:30:19 spamtest spamd[8224]: debug: DCCifd is available:
/local/dcc/redhat9/dccifd
Jun 9 16:30:19 spamtest spamd[8224]: debug: entering helper-app run mode
Jun 9 16:30:19 spamtest spamd[8224]: debug: DCCifd: got response:
X-DCC-UMR-Metrics: spamtest.cc.umr.edu 1057; Body=0
Jun 9 16:30:19 spamtest spamd[8224]: debug: leaving helper-app run mode
Jun 9 16:30:19 spamtest spamd[8224]: debug: Razor2 is available
Jun 9 16:30:19 spamtest spamd[8224]: debug: Running tests for priority: 500
Jun 9 16:30:20 spamtest spamd[8224]: debug: RBL: success for 6 of 6 queries
Jun 9 16:30:20 spamtest spamd[8224]: debug: running meta tests; score so far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: running header regexp tests; score
so far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: running body-text per-line regexp
tests; score so far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: running uri tests; score so far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: running raw-body-text per-line
regexp tests; score so far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: running full-text regexp tests;
score so far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: Running tests for priority: 1000
Jun 9 16:30:20 spamtest spamd[8224]: debug: running meta tests; score so far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: running header regexp tests; score
so far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: SQL Based AWL: Connected to
DBI:mysql:spamd:localhost
Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based)
get_addr_entry: No entry found for rwa@umr.edu|ip=131.151
Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based):
rwa@umr.edu|ip=131.151 scores 0/0
Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based)
get_addr_entry: No entry found for rwa@umr.edu|ip=none
Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based):
rwa@umr.edu|ip=none scores 0/0
Jun 9 16:30:21 spamtest spamd[8224]: debug: AWL active, pre-score: 2.457,
autolearn score: 2.457, mean: undef, IP: 131.151.93.80
Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based)
add_score: Created new entry for rwa@umr.edu|ip=131.151 with totscore: 2.457
Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based) finish:
Disconnected from DBI:mysql:spamd:localhost
Jun 9 16:30:21 spamtest spamd[8224]: debug: Post AWL score: 2.457
Jun 9 16:30:21 spamtest spamd[8224]: debug: running body-text per-line regexp
tests; score so far=2.457
Jun 9 16:30:21 spamtest spamd[8224]: debug: running uri tests; score so far=2.457
Jun 9 16:30:21 spamtest spamd[8224]: debug: running raw-body-text per-line
regexp tests; score so far=2.457
Jun 9 16:30:21 spamtest spamd[8224]: debug: running full-text regexp tests;
score so far=2.457
Jun 9 16:30:21 spamtest spamd[8224]: debug: is spam? score=2.457 required=5
Jun 9 16:30:21 spamtest spamd[8224]: debug:
tests=ALL_TRUSTED,MISSING_HEADERS,NO_REAL_NAME,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL
Jun 9 16:30:21 spamtest spamd[8224]: debug:
subtests=__HAS_MSGID,__HAS_SUBJECT,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__TM2_MISC_DATA
Jun 9 16:30:22 spamtest spamd[8224]: clean message (2.5/5.0) for
nneul@msx.umr.edu:23236 in 4.4 seconds, 516 bytes.
Jun 9 16:30:22 spamtest spamd[8224]: result: . 2 -
ALL_TRUSTED,MISSING_HEADERS,NO_REAL_NAME,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL
scantime=4.4,size=516,mid=<20...@smtp.umr.edu>,autolearn=disabled
Jun 9 16:30:22 spamtest qmail: 1086816622.905790 delivery 30: success:
131.151.1.113_accepted_message./Remote_host_said:_250_2.6.0__<20...@smtp.umr.edu>_Queued_mail_for_delivery/
Jun 9 16:30:22 spamtest qmail: 1086816622.921209 status: local 0/10 remote 0/25
Jun 9 16:30:22 spamtest qmail: 1086816622.931961 end msg 237735
And here are the message headers:
Received: from umr-msxproto2.umr.edu ([131.151.1.113]) by umr-mail11.umr.edu
with Microsoft SMTPSVC(6.0.3790.0);
Wed, 9 Jun 2004 16:30:23 -0500
Received: from spamtest.cc.umr.edu ([131.151.0.89]) by umr-msxproto2.umr.edu
with Microsoft SMTPSVC(6.0.3790.0);
Wed, 9 Jun 2004 16:30:22 -0500
Received: (qmail 9032 invoked from network); 9 Jun 2004 21:30:17 -0000
Received: from unknown (HELO smtp.umr.edu) (unknown)
by unknown with SMTP; 9 Jun 2004 21:30:17 -0000
Received: from me.umr.edu (r08itlaptop.ddns.umr.edu [131.151.93.80])
by smtp.umr.edu (8.12.11/) with SMTP id i59LSfHF025467
for <nn...@umr.edu>; Wed, 9 Jun 2004 16:29:34 -0500
Date: Wed, 9 Jun 2004 16:28:41 -0500
From: rwa@umr.edu
Message-Id: <20...@smtp.umr.edu>
Subject: fake mail
X-Spam-Level: **
X-Spam-Status: No, score=2.5 required=5.0 tests=ALL_TRUSTED,MISSING_HEADERS,
NO_REAL_NAME,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL autolearn=disabled
version=3.0.0-r20550
X-Spam-Checker-Version: SpamAssassin 3.0.0-r20550 (2004-05-28) on
spamtest.cc.umr.edu
X-Spam-DCC: UMR: spamtest.cc.umr.edu 1057; Body=0
Bcc:
Return-Path: rwa@umr.edu
X-OriginalArrivalTime: 09 Jun 2004 21:30:22.0834 (UTC)
FILETIME=[F8A4ED20:01C44E68]
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.