You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Andrew Hearn <an...@aaisp.net.uk> on 2007/12/14 13:26:40 UTC
Not sure why DOS_OE_TO_MX fired
Hello,
I'm not sure why DOS_OE_TO_MX fired on this message, as the headers say
it was delivered to b.painless.aaisp.net.uk which relayed it on to
z.hopeless.aaisp.net.uk.
b.painless isn't the MX for the domain...
Any ideas? -Thanks!
Return-path: <fi...@fionamurphy.net>
Envelope-to: andrew@aaisp.net.uk
Delivery-date: Fri, 14 Dec 2007 11:45:39 +0000
Received: from [2001:8b0:0:81::51bb:5134] (helo=b.painless.aaisp.net.uk)
by z.hopeless.aaisp.net.uk with esmtp (Exim 4.63)
(envelope-from <fi...@fionamurphy.net>)
id 1J38z2-0004B8-FV
for andrew@aaisp.net.uk; Fri, 14 Dec 2007 11:45:39 +0000
Received: from [217.169.3.9] (helo=DFTJ542J)
by b.painless.aaisp.net.uk with smtp (Exim 4.62)
(envelope-from <fi...@fionamurphy.net>)
id 1J38z2-00036f-7g
for andrew@aaisp.net.uk; Fri, 14 Dec 2007 11:45:36 +0000
Message-ID: <00...@DFTJ542J>
From: "Fiona Murphy" <fi...@fionamurphy.net>
To: <an...@aaisp.net.uk>
Subject: website emergency!
Date: Fri, 14 Dec 2007 11:45:33 -0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_00AF_01C83E46.D5CB6A50"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
X-Virus-Scanned: Clear (Version: ClamAV 0.91.2/5116/Fri Dec 14 07:14:39
2007, by smtp.aaisp.net.uk)
X-AA-SMTP-Time-Scanned:YES
X-Spam-Score: 4.0 ++++
X-AASpam-Report: Spam detection software, running on the system
"b.spamless.aaisp.net.uk", has
processed this message.
This message scored (4.0 points and 4.6 are required to mark as spam)
pts rule name description
---- ----------------------
--------------------------------------------------
1.2 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5071]
0.0 NO_VIRUS_FOUND There were no viruses found in this message
by ClamAV
2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers
Re: Not sure why DOS_OE_TO_MX fired
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Andrew Hearn wrote:
> Hello,
>
> I'm not sure why DOS_OE_TO_MX fired on this message, as the headers say
> it was delivered to b.painless.aaisp.net.uk which relayed it on to
> z.hopeless.aaisp.net.uk.
>
> b.painless isn't the MX for the domain...
SA support for IPv6 is currently non-existent so the top most received
header is ignored.
> Any ideas? -Thanks!
Only use IPv4 for your MX(es). Not only did it cause a problem in this
case, but all of your incoming spam is scoring lower than it should
since SA is not able to do DNSBL tests on the connecting relays.
Daryl
> Return-path: <fi...@fionamurphy.net>
> Envelope-to: andrew@aaisp.net.uk
> Delivery-date: Fri, 14 Dec 2007 11:45:39 +0000
> Received: from [2001:8b0:0:81::51bb:5134] (helo=b.painless.aaisp.net.uk)
> by z.hopeless.aaisp.net.uk with esmtp (Exim 4.63)
> (envelope-from <fi...@fionamurphy.net>)
> id 1J38z2-0004B8-FV
> for andrew@aaisp.net.uk; Fri, 14 Dec 2007 11:45:39 +0000
> Received: from [217.169.3.9] (helo=DFTJ542J)
> by b.painless.aaisp.net.uk with smtp (Exim 4.62)
> (envelope-from <fi...@fionamurphy.net>)
> id 1J38z2-00036f-7g
> for andrew@aaisp.net.uk; Fri, 14 Dec 2007 11:45:36 +0000
> Message-ID: <00...@DFTJ542J>
> From: "Fiona Murphy" <fi...@fionamurphy.net>
> To: <an...@aaisp.net.uk>
> Subject: website emergency!
> Date: Fri, 14 Dec 2007 11:45:33 -0000
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="----=_NextPart_000_00AF_01C83E46.D5CB6A50"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.3138
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
> X-Virus-Scanned: Clear (Version: ClamAV 0.91.2/5116/Fri Dec 14 07:14:39
> 2007, by smtp.aaisp.net.uk)
> X-AA-SMTP-Time-Scanned:YES
> X-Spam-Score: 4.0 ++++
> X-AASpam-Report: Spam detection software, running on the system
> "b.spamless.aaisp.net.uk", has
> processed this message.
> This message scored (4.0 points and 4.6 are required to mark as spam)
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 1.2 HTML_MESSAGE BODY: HTML included in message
> 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
> [score: 0.5071]
> 0.0 NO_VIRUS_FOUND There were no viruses found in this message
> by ClamAV
> 2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers
RE: Not sure why DOS_OE_TO_MX fired
Posted by Giampaolo Tomassoni <g....@libero.it>.
> -----Original Message-----
> From: Andrew Hearn [mailto:andrew.hearn@aaisp.net.uk]
> Sent: Friday, December 14, 2007 1:27 PM
> To: users@spamassassin.apache.org
> Subject: Not sure why DOS_OE_TO_MX fired
>
> Hello,
>
> I'm not sure why DOS_OE_TO_MX fired on this message, as the headers say
> it was delivered to b.painless.aaisp.net.uk which relayed it on to
> z.hopeless.aaisp.net.uk.
>
> b.painless isn't the MX for the domain...
>
> Any ideas? -Thanks!
I bet 2001:8b0:0:81::51bb:5134 or 217.169.3.9 is in your internal_networks,
right?
If this is the case, the header rule __DOS_SINGLE_EXT_RELAY fires on this
message, since it only looks to external relays.
My suggestion is to put both 2001:8b0:0:81::51bb:5134 AND 217.169.3.9 into
your internal network, or you may put 2001:8b0:0:81::51bb:5134 in the
trusted network and 217.169.3.9 in your internal. However, you should obtain
either none or both the servers in your external network. This means you are
going not to check you outgoing messages against some URIBL services, but
anyway it is quite silly to check them if you are the provider: that way,
your may risk to block yourself all the outgoing traffic...
Giampaolo
>
>
> Return-path: <fi...@fionamurphy.net>
> Envelope-to: andrew@aaisp.net.uk
> Delivery-date: Fri, 14 Dec 2007 11:45:39 +0000
> Received: from [2001:8b0:0:81::51bb:5134]
> (helo=b.painless.aaisp.net.uk)
> by z.hopeless.aaisp.net.uk with esmtp (Exim 4.63)
> (envelope-from <fi...@fionamurphy.net>)
> id 1J38z2-0004B8-FV
> for andrew@aaisp.net.uk; Fri, 14 Dec 2007 11:45:39 +0000
> Received: from [217.169.3.9] (helo=DFTJ542J)
> by b.painless.aaisp.net.uk with smtp (Exim 4.62)
> (envelope-from <fi...@fionamurphy.net>)
> id 1J38z2-00036f-7g
> for andrew@aaisp.net.uk; Fri, 14 Dec 2007 11:45:36 +0000
> Message-ID: <00...@DFTJ542J>
> From: "Fiona Murphy" <fi...@fionamurphy.net>
> To: <an...@aaisp.net.uk>
> Subject: website emergency!
> Date: Fri, 14 Dec 2007 11:45:33 -0000
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="----=_NextPart_000_00AF_01C83E46.D5CB6A50"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.3138
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
> X-Virus-Scanned: Clear (Version: ClamAV 0.91.2/5116/Fri Dec 14 07:14:39
> 2007, by smtp.aaisp.net.uk)
> X-AA-SMTP-Time-Scanned:YES
> X-Spam-Score: 4.0 ++++
> X-AASpam-Report: Spam detection software, running on the system
> "b.spamless.aaisp.net.uk", has
> processed this message.
> This message scored (4.0 points and 4.6 are required to mark as
> spam)
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 1.2 HTML_MESSAGE BODY: HTML included in message
> 0.0 BAYES_50 BODY: Bayesian spam probability is 40
> to 60%
> [score: 0.5071]
> 0.0 NO_VIRUS_FOUND There were no viruses found in this
> message
> by ClamAV
> 2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers