Posted to users@spamassassin.apache.org by Leonardo Rodrigues Magalhães <le...@solutti.com.br> on 2008/05/03 17:51:32 UTC
whitelisting webmail application
Hello Guys,
I'm running SA 3.2.4 and, on the same machine, horde/imp as webmail
application.
Sometimes, mails sent through imp are getting flagged as SPAM
because of RBL checks, for example:
Content analysis details: (8.4 points, 8.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.3 TVD_RCVD_SINGLE TVD_RCVD_SINGLE
3.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
[botnet_ipinhosntame,ip=201.67.93.102,rdns=201-67-93-102.gnace704.dsl.brasiltelecom.net.br]
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
0.0 HTML_MESSAGE BODY: HTML included in message
5.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[201.67.93.102 listed in zen.spamhaus.org]
0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
Content analysis details: (11.7 points, 8.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
5.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[201.11.150.2 listed in zen.spamhaus.org]
5.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
1.6 TVD_RCVD_IP TVD_RCVD_IP
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
Well .... in fact I would like my webmail sent applications to be
considered 'trusted' and not pass through SA rules, but I don't know how
to do that. I think I'm having this kind of behavior because IMP is
inserting Received: headers with real ip users apparently when remote IP
has reverse and always with X-Originating-IP
(with remote IP address as X-Originating-IP)
Return-Path: <my...@solutti.com.br>
Received: from ( [unknown]) by correio.solutti.com.br (Horde MIME library)
with HTTP; Sat, 03 May 2008 11:34:55 -0300
Message-ID: <20...@correio.solutti.com.br>
Date: Sat, 03 May 2008 11:34:55 -0300
From: myuser@solutti.com.br
To: otheruser@solutti.com.br
Subject: proposta comercial
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="=_1j9plxzuetq8"
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)
X-Originating-IP: 201.67.93.102
X-Remote-Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
.NET CLR 1.1.4322)
(with remote IP address as Received: header)
Return-Path: <my...@solutti.com.br>
Received: from 201-11-150-2.gnace702.dsl.brasiltelecom.net.br
(201-11-150-2.gnace702.dsl.brasiltelecom.net.br [201.11.150.2]) by
correio.solutti.com.br (Horde MIME library) with HTTP; Sat, 03 May 2008
12:22:55 -0300
Message-ID: <20...@correio.solutti.com.br>
Date: Sat, 03 May 2008 12:22:55 -0300
From: myuser@solutti.com.br
To: otheruser@solutti.com.br
Subject: teste
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="=_2pwudsfd55c0"
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)
X-Originating-IP: 201.11.150.2
X-Remote-Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; Alexa;
rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
Question is ... how would be the correct way of whitelisting my
local sent messages through webmail ?
--
Atenciosamente / Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes@solutti.com.br
My SPAMTRAP, do not email it
Re: whitelisting webmail application
Posted by Kris Deugau <kd...@vianet.ca>.
Benny Pedersen wrote:
> do users use SMTP auth?
Not the OP, but he *did* say this is from webmail. Presumably it's a
little hard to send mail from his webmail setup unless you're logged in...
(IIRC SA includes rules to look for Horde/IMP and Squirrelmail [at
least] Received: headers and considers them properly for the trust path.)
-kgd
Re: whitelisting webmail application
Posted by Benny Pedersen <me...@junc.org>.
On Sun, May 4, 2008 01:55, Leonardo Rodrigues Magalhães wrote:
> I think you got it wrong .... this 201.11.150.2 is my customer,
> which really is in a DSL dynamic ip address line. This is NOT my mail
> server. My mail server is on a static ip address which has no problem at
> all with RBLs.
do users use SMTP auth?
> The problem is, as reported, that messages sent through webmail are
> getting RBL checked and maybe, sometimes, my customers can be on some
> RBL-listed IP address. Even on those cases, I would like webmail-sent
> messages to not trigger RBL checks, so my questions on what would be the
> best/correct way of whitelisting it.
no whitelist is needed since users' mails will originate from your IP
if unsure, put a mail sample on a pastebin somewhere and post the link to
the mailing list here
> Anyway, thanks for your reply and have a nice weekend !
np
Benny Pedersen
Re: whitelisting webmail application
Posted by Leonardo Rodrigues Magalhães <le...@solutti.com.br>.
Nigel Frankcom wrote:
> On Sat, 03 May 2008 12:51:32 -0300, Leonardo Rodrigues Magalhães
> <le...@solutti.com.br> wrote:
>
>
>> Hello Guys,
>>
>> I'm running SA 3.2.4 and, on the same machine, horde/imp as webmail
>> application.
>>
>> Sometimes, mails sent through imp are getting flagged as SPAM
>> because of RBL checks, for example:
>>
>> Content analysis details: (8.4 points, 8.0 required)
>>
>> pts rule name description
>> ---- ---------------------- --------------------------------------------------
>> 0.3 TVD_RCVD_SINGLE TVD_RCVD_SINGLE
>> 3.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
>> [botnet_ipinhosntame,ip=201.67.93.102,rdns=201-67-93-102.gnace704.dsl.brasiltelecom.net.br]
>> 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
>> 0.0 HTML_MESSAGE BODY: HTML included in message
>> 5.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
>> [201.67.93.102 listed in zen.spamhaus.org]
>> 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
>>
>>
>>
>> Content analysis details: (11.7 points, 8.0 required)
>>
>> pts rule name description
>> ---- ---------------------- --------------------------------------------------
>> 5.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
>> [201.11.150.2 listed in zen.spamhaus.org]
>> 5.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
>>
>
> Before you worry about whitelisting your own stuff, the Spamhaus
> listing would need to be resolved.
>
> If you are on a static IP you might ask your isp to supply an rdns
> entry and then attempt to get things resolved with Spamhaus.
>
> If you do both of those you will probably not hit either of the issues
> you show above (and below).
>
>
Hi Nigel,
I think you got it wrong .... this 201.11.150.2 is my customer,
which really is in a DSL dynamic ip address line. This is NOT my mail
server. My mail server is on a static ip address which has no problem at
all with RBLs.
The problem is, as reported, that messages sent through webmail are
getting RBL checked and maybe, sometimes, my customers can be on some
RBL-listed IP address. Even on those cases, I would like webmail-sent
messages to not trigger RBL checks, so my questions on what would be the
best/correct way of whitelisting it.
Anyway, thanks for your reply and have a nice weekend !
--
Atenciosamente / Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes@solutti.com.br
My SPAMTRAP, do not email it
Re: whitelisting webmail application
Posted by Nigel Frankcom <ni...@blue-canoe.com>.
On Sat, 03 May 2008 12:51:32 -0300, Leonardo Rodrigues Magalhães
<le...@solutti.com.br> wrote:
>
> Hello Guys,
>
> I'm running SA 3.2.4 and, on the same machine, horde/imp as webmail
>application.
>
> Sometimes, mails sent through imp are getting flagged as SPAM
>because of RBL checks, for example:
>
>Content analysis details: (8.4 points, 8.0 required)
>
> pts rule name description
>---- ---------------------- --------------------------------------------------
> 0.3 TVD_RCVD_SINGLE TVD_RCVD_SINGLE
> 3.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
>[botnet_ipinhosntame,ip=201.67.93.102,rdns=201-67-93-102.gnace704.dsl.brasiltelecom.net.br]
> 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 5.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
> [201.67.93.102 listed in zen.spamhaus.org]
> 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
>
>
>
>Content analysis details: (11.7 points, 8.0 required)
>
> pts rule name description
>---- ---------------------- --------------------------------------------------
> 5.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
> [201.11.150.2 listed in zen.spamhaus.org]
> 5.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
Before you worry about whitelisting your own stuff, the Spamhaus
listing would need to be resolved.
If you are on a static IP you might ask your isp to supply an rdns
entry and then attempt to get things resolved with Spamhaus.
If you do both of those you will probably not hit either of the issues
you show above (and below).
> 1.6 TVD_RCVD_IP TVD_RCVD_IP
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
>
>
> Well .... in fact I would like my webmail sent applications to be
>considered 'trusted' and not pass through SA rules, but I don't know how
>to do that. I think I'm having this kind of behavior because IMP is
>inserting Received: headers with real ip users apparently when remote IP
>has reverse and always with X-Originating-IP
>
>(with remote IP address as X-Originating-IP)
>
>Return-Path: <my...@solutti.com.br>
>Received: from ( [unknown]) by correio.solutti.com.br (Horde MIME library)
> with HTTP; Sat, 03 May 2008 11:34:55 -0300
>Message-ID: <20...@correio.solutti.com.br>
>Date: Sat, 03 May 2008 11:34:55 -0300
>From: myuser@solutti.com.br
>To: otheruser@solutti.com.br
>Subject: proposta comercial
>MIME-Version: 1.0
>Content-Type: multipart/alternative;
> boundary="=_1j9plxzuetq8"
>Content-Transfer-Encoding: 7bit
>User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)
>X-Originating-IP: 201.67.93.102
>X-Remote-Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
> .NET CLR 1.1.4322)
>
>
>
>(with remote IP address as Received: header)
>
>Return-Path: <my...@solutti.com.br>
>Received: from 201-11-150-2.gnace702.dsl.brasiltelecom.net.br
> (201-11-150-2.gnace702.dsl.brasiltelecom.net.br [201.11.150.2]) by
> correio.solutti.com.br (Horde MIME library) with HTTP; Sat, 03 May 2008
> 12:22:55 -0300
>Message-ID: <20...@correio.solutti.com.br>
>Date: Sat, 03 May 2008 12:22:55 -0300
>From: myuser@solutti.com.br
>To: otheruser@solutti.com.br
>Subject: teste
>MIME-Version: 1.0
>Content-Type: multipart/alternative;
> boundary="=_2pwudsfd55c0"
>Content-Transfer-Encoding: 7bit
>User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)
>X-Originating-IP: 201.11.150.2
>X-Remote-Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; Alexa;
> rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
>
>
>
> Question is ... how would be the correct way of whitelisting my
>local sent messages through webmail ?
Re: whitelisting webmail application
Posted by Paul Griffith <pa...@cse.yorku.ca>.
On Sat, 03 May 2008 11:51:32 -0400, Leonardo Rodrigues Magalhães <le...@solutti.com.br> wrote:
> Hello Guys,
>
> I'm running SA 3.2.4 and, on the same machine, horde/imp as webmail
> application.
>
> Sometimes, mails sent through imp are getting flagged as SPAM
> because of RBL checks, for example:
>
> Content analysis details: (8.4 points, 8.0 required)
>
> pts rule name description
> ---- ---------------------- --------------------------------------------------
> 0.3 TVD_RCVD_SINGLE TVD_RCVD_SINGLE
> 3.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
> [botnet_ipinhosntame,ip=201.67.93.102,rdns=201-67-93-102.gnace704.dsl.brasiltelecom.net.br]
> 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 5.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
> [201.67.93.102 listed in zen.spamhaus.org]
> 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
>
>
>
> Content analysis details: (11.7 points, 8.0 required)
>
> pts rule name description
> ---- ---------------------- --------------------------------------------------
> 5.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
> [201.11.150.2 listed in zen.spamhaus.org]
> 5.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
> 1.6 TVD_RCVD_IP TVD_RCVD_IP
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
>
>
> Well .... in fact I would like my webmail sent applications to be
> considered 'trusted' and not pass through SA rules, but I don't know how
> to do that. I think I'm having this kind of behavior because IMP is
> inserting Received: headers with real ip users apparently when remote IP
> has reverse and always with X-Originating-IP
..snip...
>
> Question is ... how would be the correct way of whitelisting my
> local sent messages through webmail ?
>
>
Do you have your mail server and your horde host listed in your internal_networks and trusted_network?
See:
http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#network_test_options
Cheers,
Paul
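
A simplified model of the relay walk this thread is about, added here as an example (it is not SpamAssassin's parser and not code from any poster): it takes the two header sets from the original post and reports which address falls outside the trusted set, which is the one the RBL hits in the reports refer to. The 192.0.2.10 server address, the function names and the treatment of X-Originating-IP as a final hop are assumptions of this sketch.

```python
import ipaddress
import re

# Assumption: 192.0.2.10 stands in for the mail host (address not in the thread).
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.10/32")]
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Header sets trimmed from the original post (continuation indents restored).
SAMPLE_XOIP = """\
Received: from ( [unknown]) by correio.solutti.com.br (Horde MIME library)
 with HTTP; Sat, 03 May 2008 11:34:55 -0300
X-Originating-IP: 201.67.93.102
"""
SAMPLE_RCVD = """\
Received: from 201-11-150-2.gnace702.dsl.brasiltelecom.net.br
 (201-11-150-2.gnace702.dsl.brasiltelecom.net.br [201.11.150.2]) by
 correio.solutti.com.br (Horde MIME library) with HTTP; Sat, 03 May 2008
 12:22:55 -0300
X-Originating-IP: 201.11.150.2
"""

def unfold(raw):
    """Join folded lines; return [name, value] pairs in header order."""
    fields = []
    for line in raw.strip().splitlines():
        if line[:1] in " \t" and fields:
            fields[-1][1] += " " + line.strip()
        else:
            name, _, value = line.partition(":")
            fields.append([name.strip().lower(), value.strip()])
    return fields

def relay_chain(raw):
    """Relay IPs, newest first; None marks a hop with no parseable IP."""
    fields = unfold(raw)
    chain = []
    for name, value in fields:
        if name == "received":
            m = BRACKET_IP.search(value.split(" by ")[0])
            chain.append(m.group(1) if m else None)
    # The webmail client address is treated as one more hop at the end.
    return chain + [v for n, v in fields if n == "x-originating-ip"]

def first_untrusted(raw, trusted=TRUSTED):
    """First relay outside `trusted`: the address an RBL lookup is run on."""
    for ip in relay_chain(raw):
        if ip and not any(ipaddress.ip_address(ip) in n for n in trusted):
            return ip
    return None
```

In both samples the result is the customer's DSL address, not the mail server's, which matches the bracketed addresses in the two score reports.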