You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2014/06/13 17:16:20 UTC

[Bug 7051] New: False triggering of RCVD_ILLEGAL_IP for unknown reason

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7051

            Bug ID: 7051
           Summary: False triggering of RCVD_ILLEGAL_IP for unknown reason
           Product: Spamassassin
           Version: 3.4.0
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Rules
          Assignee: dev@spamassassin.apache.org
          Reporter: tom@tomlogic.com

I'm seeing RCVD_ILLEGAL_IP hit on a SA 3.4.0 installation on various messages
coming through Yahoo Groups.  Here are headers from a recent example:

Received: from unknown (HELO ng10-vm12.bullet.mail.gq1.yahoo.com)
(98.136.219.129)
  by saul.tomlogic.com with SMTP; 13 Jun 2014 07:14:56 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoogroups.com;
s=echoe; t=1402643798; bh=+SkVaHYD1ICc0TNolCj7ySWySOODUvmRLNFKBMxXTt0=;
h=Received:Received:X-Yahoo-Newman-Id:X-Sender:X-Apparently-To:X-Received:X-Received:X-Received:X-Received:X-Received:X-Received:X-Received:To:Message-ID:X-Mailer:X-Original-From:X-Originating-IP:X-eGroups-Msg-Info:X-Yahoo-Post-IP:From:X-Yahoo-Profile:Sender:MIME-Version:Mailing-List:Delivered-To:List-Id:Precedence:List-Unsubscribe:Date:Subject:Reply-To:X-Yahoo-Newman-Property:Content-Type;
b=RisvjQcZ1Fh3WTVx5WNurIwGr5OghvqC6SD/w9qvBkVtQM3aT+0ryWcGObfr2eQAhV6UfdFiR3B5WXZ9scw58QSwhXsuOWQf/+mZljUWO+xaZy2HVYM15P07v4KUXUTusiDWjkMu3pO4X+ppqwPqpTTciID2ODIa9hW35ZFeqcM=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=echoe; d=yahoogroups.com;
   
b=mAaYyREpmvQNsR5CNzRbOmHtKrnjuKQ0RDT92OvISGFrCt1VOpUQduCdE7nSi16oTZE1FsMQNp6IADfyRz2wipQJvK6ZJD4QKnCj460Y+5xTBJ3vSS/vcfiDMH07X9GG6CG93qiBlhfkMt0Tx/a5XPshJGs7oxHOsM3l0AV54c8=;
Received: from [98.137.0.85] by ng10.bullet.mail.gq1.yahoo.com with NNFMP; 13
Jun 2014 07:16:38 -0000
Received: from [10.193.39.27] by tg5.bullet.mail.gq1.yahoo.com with NNFMP; 13
Jun 2014 07:16:38 -0000
X-Yahoo-Newman-Id: 76254548-m1383
X-Sender: xxx@yahoogroups.com
X-Apparently-To: xxx@yahoogroups.com
X-Received: (qmail 366 invoked by uid 102); 13 Jun 2014 07:16:37 -0000
X-Received: from unknown (HELO mtaq5.grp.bf1.yahoo.com) (10.193.84.36)
  by m10.grp.bf1.yahoo.com with SMTP; 13 Jun 2014 07:16:37 -0000
X-Received: (qmail 4622 invoked from network); 13 Jun 2014 07:16:37 -0000
X-Received: from unknown (HELO n1-vm3.bullet.mail.bf1.yahoo.com)
(72.30.235.159)
  by mtaq5.grp.bf1.yahoo.com with SMTP; 13 Jun 2014 07:16:37 -0000
X-Received: from [66.196.81.176] by n1.bullet.mail.bf1.yahoo.com with NNFMP; 13
Jun 2014 07:16:37 -0000
X-Received: from [10.193.242.234] by t6.bullet.mail.bf1.yahoo.com with NNFMP;
13 Jun 2014 07:16:36 -0000
X-Received: from [127.0.0.1] by gapi7.grp.bf1.yahoo.com with NNFMP; 13 Jun 2014
07:16:36 -0000
To: <xx...@yahoogroups.com>
Message-ID: <ln...@YahooGroups.com>
X-Mailer: Yahoo Groups Message Poster
X-Original-From: pinballmail@yahoo.com
X-Originating-IP: 238.43.169.202
X-eGroups-Msg-Info: 1:12:0:0:0
X-Yahoo-Post-IP: 238.43.169.202
From: "xxxxx@yahoo.com [xxx]" <xx...@yahoogroups.com>
X-Yahoo-Profile: xxxxx
Sender: xxx@yahoogroups.com
MIME-Version: 1.0
Mailing-List: list xxx@yahoogroups.com; contact xxx-owner@yahoogroups.com
Delivered-To: mailing list xxx@yahoogroups.com
List-Id: <xxx.yahoogroups.com>
Precedence: bulk
List-Unsubscribe: <ma...@yahoogroups.com>
Date: 13 Jun 2014 00:16:36 -0700
Subject: [xxx] [CCPL-East] Week 02 Results!
Reply-To: xxx@yahoogroups.com
X-Yahoo-Newman-Property: groups-email-ff-m
Content-Type: multipart/alternative;
 boundary="9nlWnTS9ocNmxdhsK3FKVLWiM6a5jwOaA8HvrLV"

Why is this triggering, and does there need to be a rule update?  I'm dropping
the score on my machines temporarily until I can understand what's happening.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7051] False triggering of RCVD_ILLEGAL_IP for unknown reason

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7051

Karsten Bräckelmann <gu...@rudersport.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Karsten Bräckelmann <gu...@rudersport.de> ---
(In reply to Tom Collins from comment #0)
> I'm seeing RCVD_ILLEGAL_IP hit on a SA 3.4.0 installation on various
> messages coming through Yahoo Groups.  Here are headers from a recent
> example:

> X-Originating-IP: 238.43.169.202

The class A network 238/8 is part of the Multicast reserved address block.

> Why is this triggering, and does there need to be a rule update?  I'm
> dropping the score on my machines temporarily until I can understand what's
> happening.

Closing RESOLVED INVALID, aka "not a bug".

Tom, if you believe the rule to hit erroneously nonetheless, please feel free
to reopen this report. For more general discussion and questions, please use
the users@ mailing-list.

-- 
You are receiving this mail because:
You are the assignee for the bug.