You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Matt Doran <ma...@papercut.com> on 2010/01/08 04:39:39 UTC
Re: Why no relays?
Matt Doran wrote:
> OK, I think I'm onto something here. The warnings would appear for
> the first message processed by that process. I was able to reproduce
> by restarting the daemon and sending in a new message.
>>>
>>> >From my experimenting with the shortcircuit plugin I know that it
>>> has the ability to change the order rules are evaluated (based on
>>> the "priority"). So I suspected that the order that rules are
>>> evaluated introduced this problem. I added a short-circuit rule for
>>> NO_RELAYS, i.e.
>>>
>>> shortcircuit NO_RELAYS ham
>>>
>>>
>>> If I remove this rule, I no longer see the warnings. Hmmmm.
>>>
>>> So now I need a SA/shortcircuit guru to help me understand what I
>>> did wrong. Is there a way for me to short-circuit when there are
>>> no relays without introducing these problems?
>>
>> Well, let's back up a bit.
>>
>> NO_RELAYS is an *error*. This should never happen. If it is
>> happening, you very likely have a problem that needs fixing for SA to
>> work accurately.
>>
>> Usually if this is firing off, you've integrated SA in a way that it
>> never sees Recieved: headers generated by your local MTA, which is
>> bad. (all mail should have at least one Received: header before it
>> gets to SA, even if it's just saying "received from localhost by
>> localhost".) Usually this is from a borked MTA layer integration.
>>
>> So, my personal recomendation would be to stop trying to shortcircuit
>> this rule, and figure out why there are no Received: headers in the
>> message.
>>
>>
> I was just investigating this myself (actually looking at the code
> Received.pm but not getting very far). Maybe you have an idea? I
> found an email with NO_RELAYS, but it had the following Received headers:
>
> Received: from localhost
> ([127.0.0.1] helo=smaug.papercutsoftware.com ident=matt)
> by smaug.papercutsoftware.com with esmtp (Exim 4.69)
> (envelope-from <on...@papercut.com>)
> id 1NT3bj-0006Zd-Se
> for matt@localhost; Fri, 08 Jan 2010 12:25:44 +1100
> Received: from papercut.com [216.92.193.84]
> by smaug.papercutsoftware.com with IMAP (fetchmail-6.3.9-rc2)
> for <ma...@localhost> (single-drop); Fri, 08 Jan 2010 12:25:43 +1100 (EST)
> Received: (qmail 67842 invoked by uid 3020); 8 Jan 2010 01:25:38 -0000
> Received: (qmail 67839 invoked by uid 65534); 8 Jan 2010 01:25:38 -0000
>
> but when I run this through: spamassassin -D I only see the following
> entries about received headers.
>
> [28013] dbg: received-header: parsed as [ ip=127.0.0.1
> rdns=localhost helo=smaug.papercutsoftware.com
> by=smaug.papercutsoftware.com ident=matt
> envfrom=online-orders@papercut.com intl=0 id=1NT3bj-0006Zd-Se
> auth= msa=0 ]
> [28013] dbg: received-header: relay 127.0.0.1 trusted? yes
> internal? yes msa? no
> [28013] dbg: received-header: found fetchmail marker, restarting parse
> [28013] dbg: metadata: X-Spam-Relays-Trusted:
> [28013] dbg: metadata: X-Spam-Relays-Untrusted:
> [28013] dbg: metadata: X-Spam-Relays-Internal:
> [28013] dbg: metadata: X-Spam-Relays-External:
>
>
> Why wouldn't it be parsing/recognizing the 2nd "Received"
> header? Is there anything rule/config that makes SA ignore a
> received header/relay?
>
>
OK, I just noticed the line "received-header: found fetchmail marker,
restarting parse". We are using fetchmail .... so maybe this isn't
working as expected.
This email is one that is generated by out web-server on an ISP. So I
guess there sort of isn't any relays in a way. It seems that
SpamAssassin ignores the fetchmail Received header and also any later
headers (e.g. local delivery), and this leaves only these headers:
Received: (qmail 67842 invoked by uid 3020); 8 Jan 2010 01:25:38 -0000
Received: (qmail 67839 invoked by uid 65534); 8 Jan 2010 01:25:38 -0000
And I guess that SpamAssassin's relay parsing is ignoring these as
"local" (i.e. it's not a "relay"). If that's the case, then it is OK
to have NO_RELAYS, particularly if mail was generated on the same
machine as the mail server (e.g. cron jobs). So isn't this a legitmate
rule to use?
So then I come back to the question, can I use NO_RELAYS in a
short-circuit without causing issues?
Regards,
Matt