Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2005/12/08 18:48:43 UTC

Re: False positive problem from mis-parsing Received lines?

"Kai Schaetzl" writes:
>  wrote on Wed, 7 Dec 2005 20:27:11 -0800:
> 
> > If SpamAssassin has some particular preferred format for Received 
> > headers, I'd certainly consider changing the format for the next 
> > release of Mail Avenger.  But if this is something that SpamAssassin 
> > could fix, that would be good, too.
> 
> You can submit a bug report at the SA bugzilla:
> http://issues.apache.org/SpamAssassin/
> I don't know if they will be able to adapt (see below).
> 
> I think everyone would benefit if you change the Received format to the 
> standard format, see below. The problem with different formats is that 
> it's not always possible to determine the format, after all there's no 
> header X-Received-Format: which could be checked and then the correct 
> Regexp applied. Instead you have to put safeguard after safeguard in the 
> regexp, so that it doesn't match too many false stuff. It's simply near as 
> impossible to do that. In the end you end up with nothing matching at all.

Exactly.  agreed!

> Received: from mail.apache.org (hermes.apache.org [209.237.227.199])
>  by n8.online-netz.de (8.12.10/8.12.10/nx 1.4) with SMTP id jB83OH7p031721
>  for <ma...@conactive.com>; Thu, 8 Dec 2005 04:24:18 +0100
> 
> where "mail.apache.org" is the HELO and the stuff in () is IP and reverse 
> dns, AFAIK. This format is pretty standard = many mailers use it, not only 
> sendmail.

Yes -- note that this is slightly different -- the HELO is listed first,
*before* the rDNS.

This is why SpamAssassin is misparsing the Mail Avenger line; it's
similar, but not quite similar *enough* to sendmail's format.

(NOTE: despite what jdow said, it *is* the format, *NOT* the basic data
content in DNS, that's causing trouble here.  It's perfectly acceptable to
HELO as genstor.com and have an rDNS of
adsl-71-133-227-154.dsl.pltn13.pacbell.net.  Those rules are intended to
catch hosts that *HELO* with a string like
adsl-71-133-227-154.dsl.pltn13.pacbell.net .)

- --j.
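
Added example, not part of the original post and not SpamAssassin's own code or rules: a parser that assumes the sendmail-style layout quoted above (HELO first, then rDNS and IP in parentheses), showing how a line with the same facts in a slightly different order is accepted and makes a HELO-based rule fire on the rDNS. The "dynamic-looking" pattern, the host mx.example.net, the IP 71.133.227.154 and both genstor.com sample lines are constructed for illustration.

```python
import re

# Layout quoted in the thread: from HELO (rDNS [IP]) by HOST ...
SENDMAIL_STYLE = re.compile(
    r"^(?:Received:\s*)?from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[\]()]+)\s+\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\)"
    r"\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

# Hypothetical stand-in for a "HELO looks like a dynamic pool name" rule
# (four dash-separated octets inside the hostname). Not a real SA rule.
DYNAMIC_LOOKING = re.compile(r"(?:^|[.-])\d{1,3}(?:-\d{1,3}){3}[.-]")


def parse_received(header):
    """Parse one Received header, assuming the sendmail-style layout."""
    unfolded = " ".join(header.split())  # undo header folding
    m = SENDMAIL_STYLE.match(unfolded)
    return m.groupdict() if m else None


def helo_looks_dynamic(fields):
    """Apply the rule to whatever the parser believes the HELO was."""
    return bool(fields) and bool(DYNAMIC_LOOKING.search(fields["helo"]))


# Header quoted in the thread (truncated before the redacted recipient).
PAGE_LINE = """Received: from mail.apache.org (hermes.apache.org [209.237.227.199])
 by n8.online-netz.de (8.12.10/8.12.10/nx 1.4) with SMTP id jB83OH7p031721"""

# Constructed: HELO genstor.com, dynamic-looking rDNS, sendmail-style order.
HELO_FIRST = ("Received: from genstor.com "
              "(adsl-71-133-227-154.dsl.pltn13.pacbell.net [71.133.227.154]) "
              "by mx.example.net with SMTP")

# Constructed near-miss layout with the same facts but the two names swapped.
# This is NOT Mail Avenger's real header, which the thread does not show.
RDNS_FIRST = ("Received: from adsl-71-133-227-154.dsl.pltn13.pacbell.net "
              "(genstor.com [71.133.227.154]) by mx.example.net with SMTP")

if __name__ == "__main__":
    for line in (PAGE_LINE, HELO_FIRST, RDNS_FIRST):
        f = parse_received(line)
        print(f["helo"], f["rdns"], f["ip"], helo_looks_dynamic(f))
```

Both constructed lines match the same regular expression, so nothing in the line itself tells the parser which layout it is reading; only the second one trips the rule.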


Re: False positive problem from mis-parsing Received lines?

Posted by jdow <jd...@earthlink.net>.
From: "Justin Mason" <jm...@jmason.org>
> "Kai Schaetzl" writes:
>>  wrote on Wed, 7 Dec 2005 20:27:11 -0800:
>> 
>> > If SpamAssassin has some particular preferred format for Received 
>> > headers, I'd certainly consider changing the format for the next 
>> > release of Mail Avenger.  But if this is something that SpamAssassin 
>> > could fix, that would be good, too.
>> 
>> You can submit a bug report at the SA bugzilla:
>> http://issues.apache.org/SpamAssassin/
>> I don't know if they will be able to adapt (see below).
>> 
>> I think everyone would benefit if you change the Received format to the 
>> standard format, see below. The problem with different formats is that 
>> it's not always possible to determine the format, after all there's no 
>> header X-Received-Format: which could be checked and then the correct 
>> Regexp applied. Instead you have to put safeguard after safeguard in the 
>> regexp, so that it doesn't match too many false stuff. It's simply near as 
>> impossible to do that. In the end you end up with nothing matching at all.
> 
> Exactly.  agreed!
> 
>> Received: from mail.apache.org (hermes.apache.org [209.237.227.199])
>>  by n8.online-netz.de (8.12.10/8.12.10/nx 1.4) with SMTP id jB83OH7p031721
>>  for <ma...@conactive.com>; Thu, 8 Dec 2005 04:24:18 +0100
>> 
>> where "mail.apache.org" is the HELO and the stuff in () is IP and reverse 
>> dns, AFAIK. This format is pretty standard = many mailers use it, not only 
>> sendmail.
> 
> Yes -- note that this is slightly different -- the HELO is listed first,
> *before* the rDNS.
> 
> This is why SpamAssassin is misparsing the Mail Avenger line; it's
> similar, but not quite similar *enough* to sendmail's format.
> 
> (NOTE: despite what jdow said, it *is* the format, *NOT* the basic data
> content in DNS, that's causing trouble here.  It's perfectly acceptable to
> HELO as genstor.com and have an rDNS of
> adsl-71-133-227-154.dsl.pltn13.pacbell.net.  Those rules are intended to
> catch hosts that *HELO* with a string like
> adsl-71-133-227-154.dsl.pltn13.pacbell.net .)

I sit corrected. I've never noticed that sort of rDNS format on any ham.
I suppose I have not looked hard enough.
{^_^}


Re: False positive problem from mis-parsing Received lines?

Posted by Kai Schaetzl <ma...@conactive.com>.
Justin Mason wrote on Thu, 08 Dec 2005 09:48:43 -0800:

> Those rules are intended to 
> catch hosts that *HELO* with a string like 
> adsl-71-133-227-154.dsl.pltn13.pacbell.net .)

Yeah. BTW, it seems that the HCC rule matches almost the same stuff as the 
DHCP rule, so it's likely that both match at the same time the same 
pattern. Is that intentional or shouldn't this be avoided?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com