Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/04/22 10:26:48 UTC

[Bug 3292] New: Improper use of and false positives regarding RCVD_IN_SORBS

http://bugzilla.spamassassin.org/show_bug.cgi?id=3292

           Summary: Improper use of and false positives regarding
                    RCVD_IN_SORBS
           Product: Spamassassin
           Version: 2.63
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Rules
        AssignedTo: spamassassin-dev@incubator.apache.org
        ReportedBy: gblack@smartertek.net


One of the SORBS lists contains IP ranges of "end users" that should not be
directly sending e-mail (their mail servers should) to foreign mail servers and
the RCVD_IN_SORBS appears to do a check against that list. This is all well and
good except it's checking every relay point in the header and any half decent
mail server is going to include a copy of the initial hop (from the end user to
the mail server) and this is leading to false positives. Example:

Return-Path: <so...@comcast.net>
Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56])
	by smartertek.net (8.12.3+3.5Wbeta/8.12.3/Debian-6.6) with ESMTP id i3AMsoMR026360
	for <so...@crystalvoice.org>; Sat, 10 Apr 2004 18:54:50 -0400
Received: from Macbeth3 (pcp01543743pcs.abngtn01.va.comcast.net[68.62.243.186])
          by comcast.net (sccrmhc12) with SMTP
          id <2004041022544401200220cbe>; Sat, 10 Apr 2004 22:54:44 +0000
Message-ID: <00...@Macbeth3>

Resulted in a hit: RCVD_IN_SORBS          
RBL: SORBS: sender is listed in SORBS
[68.62.243.186 listed in dnsbl.sorbs.net] 

It's a very natural thing for that first hop from the sender to their mail
server to contain an IP address that belongs to a dial-up, DSL, cable, etc. or
other such end user range (they've got to send mail somehow, right?).
SpamAssassin needs to stop examining that first hop when checking this rule.



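The check described in this report, as an added example that is not part of the original message and is not SpamAssassin's code: it walks the Received chain from the sample above and shows the dynamic-range listing firing on the origin hop, then being skipped when a relay sits between the end user and the receiving server. The FAKE_ZONE table, its "dynamic" category label and the function names are assumptions made for illustration; no DNS queries are sent.

```python
import email
import re

# Received headers copied from the report above.
RAW = """\
Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56])
\tby smartertek.net (8.12.3+3.5Wbeta/8.12.3/Debian-6.6) with ESMTP id i3AMsoMR026360
\tfor <so...@crystalvoice.org>; Sat, 10 Apr 2004 18:54:50 -0400
Received: from Macbeth3 (pcp01543743pcs.abngtn01.va.comcast.net[68.62.243.186])
          by comcast.net (sccrmhc12) with SMTP
          id <2004041022544401200220cbe>; Sat, 10 Apr 2004 22:54:44 +0000
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed stand-in for DNS answers so the example runs offline.
# Only the IP the report shows as listed is present; "dynamic" is our label.
FAKE_ZONE = {"186.243.62.68.dnsbl.sorbs.net": "dynamic"}


def dnsbl_name(ip, zone="dnsbl.sorbs.net"):
    """Build the DNSBL query name: reversed octets prepended to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def relay_ips(raw):
    """Return the bracketed relay IPs from Received headers, newest hop first."""
    msg = email.message_from_string(raw)
    found = (IP_RE.search(h) for h in msg.get_all("Received", []))
    return [m.group(1) for m in found if m]


def sorbs_hits(raw, skip_origin_for_dynamic):
    """List (ip, category) hits, optionally ignoring a dynamic-range origin hop."""
    ips = relay_ips(raw)
    hits = []
    for i, ip in enumerate(ips):
        cat = FAKE_ZONE.get(dnsbl_name(ip))
        if cat is None:
            continue
        # The origin hop is the oldest Received line, but only when a relay
        # follows it; a lone hop means the client connected to us directly.
        is_origin = len(ips) > 1 and i == len(ips) - 1
        if cat == "dynamic" and skip_origin_for_dynamic and is_origin:
            continue
        hits.append((ip, cat))
    return hits
```

A message with a single Received line still hits, since in that case the end-user address delivered straight to the receiving server.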