You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Andy Norris <an...@tireswing.net> on 2004/12/24 04:33:06 UTC
whitelist frustrations
Okay, if someone's feeling really holiday generous, maybe they can help me
out here... I'm having some problems whitelisting some mailing lists (this
one, for instance!) and some other mail...
As an example, I have these headers:
X-Persona: <TireSwing>
Return-Path: <xm...@xm-radio.com>
Received: from tireswing.arsalon.net (root@localhost)
by tireswing.net (8.12.10/8.12.10) with ESMTP id iBNM59rw022817
for <AN...@TIRESWING.NET>; Thu, 23 Dec 2004 16:05:09 -0600
X-ClientAddr: 63.146.24.84
Received: from ezwsmtp03.xm-radio.com (ezwsmtp03.xm-radio.com [63.146.24.84])
by tireswing.arsalon.net (8.12.10/8.12.10) with ESMTP id iBNM4ZMN022796
for <AN...@TIRESWING.NET>; Thu, 23 Dec 2004 16:04:35 -0600
Received: from CAMPAIGN ([63.146.24.84]) by ezwsmtp03.xm-radio.com with
Microsoft SMTPSVC(5.0.2195.5329);
Thu, 23 Dec 2004 16:54:55 -0500
From: xmsignal@xm-radio.com
To: ANDY@TIRESWING.NET
Message-Id: <20...@xm-radio.com>
Subject: [SPAM] XM Signal - Your Guide to XM On and Off the Air
Date: Thu, 23 Dec 2004 16:54:55 -0500
MIME-Version: 1.0
Reply-To: listenercare@xmradio.com
Content-Type: multipart/alternative; boundary="Boundary.11111111.11111111"
X-OriginalArrivalTime: 23 Dec 2004 21:54:55.0382 (UTC)
FILETIME=[09BAAB60:01C4E93A]
X-TireSwing-MailScanner-Information: Please contact the ISP for more
information
X-TireSwing-MailScanner: Found to be clean
X-TireSwing-MailScanner-SpamCheck: spam, SpamAssassin (score=7.244,
required 5, autolearn=disabled, BODY_BLAMES_YOU_1 1.11,
BODY_OBFU_SEX 2.12, HTML_70_80 1.00, HTML_MESSAGE 1.00,
HTML_MISSING_CTYPE 1.00, URI_DEAL_ADJ 1.01)
X-TireSwing-MailScanner-SpamScore: sssssss
X-MailScanner-From: xmsignal@xm-radio.com
I want to add this to the whitelist. So I have this rule in a custom rule
set (I KNOW these rules should be firing, as some of the other rules in
this file are hitting on test messages):
whitelist_from_rcvd xmsignal@xm-radio.com ezwsmtp03.xm-radio.com
What am I doing wrong here? This rule is completely ignored.
Thanks for any guidance, and happy holidays,
Andy
Re: whitelist frustrations
Posted by Andy Norris <an...@tireswing.net>.
Thanks Alan,
I'm running spamassassin through MailScanner. So I'm not running spamd. Is
this a wrinkle in the scheme of things?
Andy
At 11:25 pm 2004-12-23, alan premselaar wrote:
>Andy Norris wrote:
>>Okay, if someone's feeling really holiday generous, maybe they can help
>>me out here... I'm having some problems whitelisting some mailing lists
>>(this one, for instance!) and some other mail...
>>As an example, I have these headers:
>>X-Persona: <TireSwing>
>>Return-Path: <xm...@xm-radio.com>
>>Received: from tireswing.arsalon.net (root@localhost)
>> by tireswing.net (8.12.10/8.12.10) with ESMTP id iBNM59rw022817
>> for <AN...@TIRESWING.NET>; Thu, 23 Dec 2004 16:05:09 -0600
>>X-ClientAddr: 63.146.24.84
>>Received: from ezwsmtp03.xm-radio.com (ezwsmtp03.xm-radio.com [63.146.24.84])
>> by tireswing.arsalon.net (8.12.10/8.12.10) with ESMTP id iBNM4ZMN022796
>> for <AN...@TIRESWING.NET>; Thu, 23 Dec 2004 16:04:35 -0600
>>Received: from CAMPAIGN ([63.146.24.84]) by ezwsmtp03.xm-radio.com with
>>Microsoft SMTPSVC(5.0.2195.5329);
>> Thu, 23 Dec 2004 16:54:55 -0500
>>From: xmsignal@xm-radio.com
>>To: ANDY@TIRESWING.NET
>>Message-Id: <20...@xm-radio.com>
>>Subject: [SPAM] XM Signal - Your Guide to XM On and Off the Air
>>Date: Thu, 23 Dec 2004 16:54:55 -0500
>>MIME-Version: 1.0
>>Reply-To: listenercare@xmradio.com
>>Content-Type: multipart/alternative; boundary="Boundary.11111111.11111111"
>>X-OriginalArrivalTime: 23 Dec 2004 21:54:55.0382 (UTC)
>>FILETIME=[09BAAB60:01C4E93A]
>>X-TireSwing-MailScanner-Information: Please contact the ISP for more
>>information
>>X-TireSwing-MailScanner: Found to be clean
>>X-TireSwing-MailScanner-SpamCheck: spam, SpamAssassin (score=7.244,
>> required 5, autolearn=disabled, BODY_BLAMES_YOU_1 1.11,
>> BODY_OBFU_SEX 2.12, HTML_70_80 1.00, HTML_MESSAGE 1.00,
>> HTML_MISSING_CTYPE 1.00, URI_DEAL_ADJ 1.01)
>>X-TireSwing-MailScanner-SpamScore: sssssss
>>X-MailScanner-From: xmsignal@xm-radio.com
>>
>>I want to add this to the whitelist. So I have this rule in a custom rule
>>set (I KNOW these rules should be firing, as some of the other rules in
>>this file are hitting on test messages):
>>whitelist_from_rcvd xmsignal@xm-radio.com ezwsmtp03.xm-radio.com
>>What am I doing wrong here? This rule is completely ignored.
>>Thanks for any guidance, and happy holidays,
>>Andy
>
>Andy,
>
> how are you calling SpamAssassin from sendmail? does it get called
> when the message is originally received from the remote host, or does it
> get called after the message is passed back to the localhost?
>
>Have you tried running 'spamassassin -D < that_message' (no quotes)?
>that should give you some pretty useful debug information.
>
>the one thing I can think of off the top of my head (although I'm not sure
>about it) is that if it's getting called after the message is passed back
>into your SMTP server, perhaps spamassassin is thinking that the message
>is being delivered via localhost instead of ezwsmtp03.xm-radio.com and
>therefore not meeting the criteria requirements of that whitelist
>entry. Like I said, I haven't tested this theory... just an idea off the
>top of my head.
>
>hope this helps
>
>alan
Re: whitelist frustrations
Posted by alan premselaar <al...@12inch.com>.
Andy Norris wrote:
>
> Okay, if someone's feeling really holiday generous, maybe they can help
> me out here... I'm having some problems whitelisting some mailing lists
> (this one, for instance!) and some other mail...
>
> As an example, I have these headers:
>
> X-Persona: <TireSwing>
> Return-Path: <xm...@xm-radio.com>
> Received: from tireswing.arsalon.net (root@localhost)
> by tireswing.net (8.12.10/8.12.10) with ESMTP id iBNM59rw022817
> for <AN...@TIRESWING.NET>; Thu, 23 Dec 2004 16:05:09 -0600
> X-ClientAddr: 63.146.24.84
> Received: from ezwsmtp03.xm-radio.com (ezwsmtp03.xm-radio.com
> [63.146.24.84])
> by tireswing.arsalon.net (8.12.10/8.12.10) with ESMTP id iBNM4ZMN022796
> for <AN...@TIRESWING.NET>; Thu, 23 Dec 2004 16:04:35 -0600
> Received: from CAMPAIGN ([63.146.24.84]) by ezwsmtp03.xm-radio.com with
> Microsoft SMTPSVC(5.0.2195.5329);
> Thu, 23 Dec 2004 16:54:55 -0500
> From: xmsignal@xm-radio.com
> To: ANDY@TIRESWING.NET
> Message-Id: <20...@xm-radio.com>
> Subject: [SPAM] XM Signal - Your Guide to XM On and Off the Air
> Date: Thu, 23 Dec 2004 16:54:55 -0500
> MIME-Version: 1.0
> Reply-To: listenercare@xmradio.com
> Content-Type: multipart/alternative; boundary="Boundary.11111111.11111111"
> X-OriginalArrivalTime: 23 Dec 2004 21:54:55.0382 (UTC)
> FILETIME=[09BAAB60:01C4E93A]
> X-TireSwing-MailScanner-Information: Please contact the ISP for more
> information
> X-TireSwing-MailScanner: Found to be clean
> X-TireSwing-MailScanner-SpamCheck: spam, SpamAssassin (score=7.244,
> required 5, autolearn=disabled, BODY_BLAMES_YOU_1 1.11,
> BODY_OBFU_SEX 2.12, HTML_70_80 1.00, HTML_MESSAGE 1.00,
> HTML_MISSING_CTYPE 1.00, URI_DEAL_ADJ 1.01)
> X-TireSwing-MailScanner-SpamScore: sssssss
> X-MailScanner-From: xmsignal@xm-radio.com
>
>
>
> I want to add this to the whitelist. So I have this rule in a custom
> rule set (I KNOW these rules should be firing, as some of the other
> rules in this file are hitting on test messages):
>
> whitelist_from_rcvd xmsignal@xm-radio.com ezwsmtp03.xm-radio.com
>
> What am I doing wrong here? This rule is completely ignored.
>
> Thanks for any guidance, and happy holidays,
>
> Andy
>
Andy,
how are you calling SpamAssassin from sendmail? does it get called
when the message is originally received from the remote host, or does it
get called after the message is passed back to the localhost?
Have you tried running 'spamassassin -D < that_message' (no quotes)?
that should give you some pretty useful debug information.
the one thing I can think of off the top of my head (although I'm not
sure about it) is that if it's getting called after the message is
passed back into your SMTP server, perhaps spamassassin is thinking that
the message is being delivered via localhost instead of
ezwsmtp03.xm-radio.com and therefore not meeting the criteria
requirements of that whitelist entry. Like I said, I haven't tested
this theory... just an idea off the top of my head.
hope this helps
alan
Re: whitelist frustrations
Posted by Thomas Arend <ml...@arend-whv.info>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am Freitag, 24. Dezember 2004 04:33 schrieb Andy Norris:
> Okay, if someone's feeling really holiday generous, maybe they can help me
> out here... I'm having some problems whitelisting some mailing lists (this
> one, for instance!) and some other mail...
>
> As an example, I have these headers:
>
> X-Persona: <TireSwing>
> Return-Path: <xm...@xm-radio.com>
> Received: from tireswing.arsalon.net (root@localhost)
> by tireswing.net (8.12.10/8.12.10) with ESMTP id iBNM59rw022817
> for <AN...@TIRESWING.NET>; Thu, 23 Dec 2004 16:05:09 -0600
> X-ClientAddr: 63.146.24.84
> Received: from ezwsmtp03.xm-radio.com (ezwsmtp03.xm-radio.com
> [63.146.24.84]) by tireswing.arsalon.net (8.12.10/8.12.10) with ESMTP id
> iBNM4ZMN022796 for <AN...@TIRESWING.NET>; Thu, 23 Dec 2004 16:04:35 -0600
> Received: from CAMPAIGN ([63.146.24.84]) by ezwsmtp03.xm-radio.com with
> Microsoft SMTPSVC(5.0.2195.5329);
> Thu, 23 Dec 2004 16:54:55 -0500
> From: xmsignal@xm-radio.com
> To: ANDY@TIRESWING.NET
[..]
>
>
> I want to add this to the whitelist. So I have this rule in a custom rule
> set (I KNOW these rules should be firing, as some of the other rules in
> this file are hitting on test messages):
>
> whitelist_from_rcvd xmsignal@xm-radio.com ezwsmtp03.xm-radio.com
>
> What am I doing wrong here? This rule is completely ignored.
- From man Mail::Spamassassin::Conf
:cite
whitelist_from_rcvd addr@lists.sourceforge.net source-
forge.net
Use this to supplement the whitelist_from addresses
with a check against the Received headers. The first
parameter is the address to whitelist, and the second
is a string to match the relay's rDNS.
This string is matched against the reverse DNS lookup
used during the handover from the internet to your
internal network's mail exchangers. It can either be
the full hostname, or the domain component of that
hostname. In other words, if the host that connected
to your MX had an IP address that mapped to 'send-
inghost.spamassassin.org', you should specify "send-
inghost.spamassassin.org" or just "spamassassin.org"
here.
Note that this requires that "internal_networks" be
correct. For simple cases, it will be, but for a com-
plex network, or running with DNS checks off or with
"-L", you may get better results by setting that
parameter.
:ecite
You aren't receiving the Mail directly from ezwsmtp03.xm-radio.com but from
tireswing.arsalon.net. Maybe this is the reason why the rule doesn't fire?
Merry X-mas
Thomas
- --
icq:133073900
aim:tawhv
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFBy8ZwHe2ZLU3NgHsRAkFPAJ9TOWo4/0T1bBDVN2oomGvQ3tuiGwCfQzbQ
AAiznT/Unlqni4Ub8usGgI0=
=3xOk
-----END PGP SIGNATURE-----
Re: whitelist frustrations
Posted by Matt Kettler <mk...@comcast.net>.
At 09:33 PM 12/23/2004 -0600, Andy Norris wrote:
>I want to add this to the whitelist. So I have this rule in a custom rule
>set (I KNOW these rules should be firing, as some of the other rules in
>this file are hitting on test messages):
>
>whitelist_from_rcvd xmsignal@xm-radio.com ezwsmtp03.xm-radio.com
>
>What am I doing wrong here? This rule is completely ignored.
I see two Received: headers in your network. Does SA run on the second
mailserver? or does SA run on the first (tireswing.arsalon.net) and the
second is just an internal post office server?
If SA runs on the second box, you probably need some tweaks to your trust
path. SA by default may not trust tireswing.arsalon.net, and thus will not
recognize the mail as coming from xm-radio.com, it will recognize it as
coming from arsalon.net.
To fix it log in to your mailserver, and run the following commands:
host tireswing.arsalon.net
host tireswing.net
Add those IPs, and only those IPs, to your trusted_networks statement with
/32 netmasks on the end.
i.e: (assuming that tireswing.net doesn't self-resolve to a reserved IP due
to nat. if it does, substitute accordingly)
trusted_networks
<http://www.DNSstuff.com/tools/whois.ch?ip=206.113.206.225>206.113.206.225/32
<http://www.DNSstuff.com/tools/whois.ch?ip=206.113.206.224>206.113.206.224/32
127.0.0.1/32
One thing that does concern me, is it looks like the hostname your server
uses (tireswing.net) doesn't resolve to your own IP. That's a VERY bad
thing for a mailserver, if it's the case...
This was in your outbound mail:
Received: from TIRESWING.tireswing.net (12-217-55-151.client.mchsi.com
[12.217.55.151])
(authenticated bits=0)
by tireswing.arsalon.net (8.12.10/8.12.10) with ESMTP id
iBO3gmMO004984
for <us...@spamassassin.apache.org>; Thu, 23 Dec 2004 21:42:48 -0600
Which suggests that you are really not at
<http://www.DNSstuff.com/tools/whois.ch?ip=206.113.206.225>206.113.206.225
(A record for "tireswing.net") but you are instead at 12.217.55.151. If SA
is running at 12.217.55.151... that ought get fixed...