Posted to users@spamassassin.apache.org by Emin Akbulut <em...@gmail.com> on 2010/09/01 14:42:13 UTC
More info about the rules
Hi, I sent a test message from my Outlook,
below are the results. How can I fix these
two checks -probably at my mail server-
FSL_HELO_NON_FQDN_1
HELO_NO_DOMAIN
Thanks.
pts  rule name              description
---- ---------------------- --------------------------------------------------
 1.8 FSL_HELO_NON_FQDN_1    FSL_HELO_NON_FQDN_1
1000 GTUBE                  BODY: Generic Test for Unsolicited Bulk Email
-3.5 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.2 RDNS_NONE              Delivered to internal network by a host with no
                            rDNS
 1.0 HELO_NO_DOMAIN         Relay reports its domain incorrectly
Re: More info about the rules
Posted by Bowie Bailey <Bo...@BUC.com>.
On 9/1/2010 8:42 AM, Emin Akbulut wrote:
> Hi, I sent a test message from my Outlook,
> below are the results. How can I fix these
> two checks -probably at my mail server-
>
> FSL_HELO_NON_FQDN_1
> HELO_NO_DOMAIN
>
>
> Thanks.
>
>
> pts  rule name              description
> ---- ---------------------- --------------------------------------------------
>  1.8 FSL_HELO_NON_FQDN_1    FSL_HELO_NON_FQDN_1
> 1000 GTUBE                  BODY: Generic Test for Unsolicited Bulk Email
> -3.5 BAYES_00               BODY: Bayes spam probability is 0 to 1%
>                             [score: 0.0000]
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  1.2 RDNS_NONE              Delivered to internal network by a host
>                             with no rDNS
>  1.0 HELO_NO_DOMAIN         Relay reports its domain incorrectly
Aside from the GTUBE and BAYES hits, this email only got 4 points. It's
a bit high for a ham message, but it wouldn't have been marked as spam
if it didn't have the GTUBE string in it.
For us to give you any more detailed answer, we will need to see the
full message (with headers). Put it on pastebin.com and send us a link
to it.
--
Bowie
Re: More info about the rules
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Wed, 2010-09-01 at 18:27 +0300, Emin Akbulut wrote:
> Outlook account's SMTP is: 88.255.136.44
> MailEnable running IP is: 88.255.136.44
So you are directly submitting to your MX, it seems.
> SA running IP is: 192.168.35.210 -dedicated internal box-
How does that box get the message?
> My own server & SA scores my own test message because of
> FSL_HELO_NON_FQDN_1 and HELO_NO_DOMAIN checks. I don't know what
> these are.
I explained what they are in my first post.
> How can I fix it?
Probably by fixing your own network settings. However, to know that,
we need...
> > As Bowie already said -- full headers please.
You ignored our request for proper information.
In other words: We can NOT magically help you, just because you threw a
SA rule name at us. We do need more information. You will have to
provide that info.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: More info about the rules
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 01.09.10 18:27, Emin Akbulut wrote:
> Outlook account's SMTP is: 88.255.136.44
>
> MailEnable running IP is: 88.255.136.44
> SA running IP is: 192.168.35.210 -dedicated internal box-
>
> My own server & SA scores my own test message
> because of FSL_HELO_NON_FQDN_1 and
> HELO_NO_DOMAIN checks. I don't know
> what these are.
>
> How can I fix it?
How do you receive mail from 88.255.136.44 to 192.168.35.210?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.
Re: More info about the rules
Posted by John Hardin <jh...@impsec.org>.
On Wed, 1 Sep 2010, Emin Akbulut wrote:
> Outlook account's SMTP is: 88.255.136.44
>
> MailEnable running IP is: 88.255.136.44
> SA running IP is: 192.168.35.210 -dedicated internal box-
>
> My own server & SA scores my own test message
> because of FSL_HELO_NON_FQDN_1 and
> HELO_NO_DOMAIN checks. I don't know
> what these are.
>
> How can I fix it?
It is best practice to configure an MTA to send its fully-qualified domain
name as the HELO string when contacting another MTA to deliver a message.
These rules trigger on an MTA that does not follow that practice.
What is your MTA configured to send in the HELO exchange when contacting
another MTA?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Taking my gun away because I *might* shoot someone is like cutting
my tongue out because I *might* yell "Fire!" in a crowded theater.
-- Peter Venetoklis
-----------------------------------------------------------------------
107 days until TRON Legacy
Re: More info about the rules
Posted by Emin Akbulut <em...@gmail.com>.
Outlook account's SMTP is: 88.255.136.44
MailEnable running IP is: 88.255.136.44
SA running IP is: 192.168.35.210 -dedicated internal box-
My own server & SA scores my own test message
because of FSL_HELO_NON_FQDN_1 and
HELO_NO_DOMAIN checks. I don't know
what these are.
How can I fix it?
2010/9/1 Karsten Bräckelmann <gu...@rudersport.de>
> On Wed, 2010-09-01 at 17:13 +0300, Emin Akbulut wrote:
> > Yes it's my very own MailEnable mail server, SA integrated.
> > I sent the message from home.
>
> Hrm, I'm not sure if that answers the question. Maybe I'm just still too
> low on caffeine. So, did you just say your MUA's outgoing SMTP is the
> same as the MX running SA?
>
> As Bowie already said -- full headers please.
>
>
> > > If that was an SMTP server, fix that. It should, however, not be part of
> > > *your* infrastructure, since it's external. If it is under your control,
> > > you need to fix your SA internal_networks settings.
> > >
> > > But since you mentioned sending a test message yourself, from Outlook --
> > > any chance there was no external SMTP involved, and you directly
> > > submitted from your MUA to MX?
>
> --
> char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
> (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
>
>
Re: More info about the rules
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Wed, 2010-09-01 at 17:13 +0300, Emin Akbulut wrote:
> Yes it's my very own MailEnable mail server, SA integrated.
> I sent the message from home.
Hrm, I'm not sure if that answers the question. Maybe I'm just still too
low on caffeine. So, did you just say your MUA's outgoing SMTP is the
same as the MX running SA?
As Bowie already said -- full headers please.
> > If that was an SMTP server, fix that. It should, however, not be part of
> > *your* infrastructure, since it's external. If it is under your control,
> > you need to fix your SA internal_networks settings.
> >
> > But since you mentioned sending a test message yourself, from Outlook --
> > any chance there was no external SMTP involved, and you directly
> > submitted from your MUA to MX?
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: More info about the rules
Posted by Emin Akbulut <em...@gmail.com>.
Yes it's my very own MailEnable mail server, SA integrated.
I sent the message from home.
2010/9/1 Karsten Bräckelmann <gu...@rudersport.de>
>
>
>> If that was an SMTP server, fix that. It should, however, not be part of
>> *your* infrastructure, since it's external. If it is under your control,
>> you need to fix your SA internal_networks settings.
>>
>> But since you mentioned sending a test message yourself, from Outlook --
>> any chance there was no external SMTP involved, and you directly
>> submitted from your MUA to MX?
>>
>>
Re: More info about the rules
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Wed, 2010-09-01 at 15:42 +0300, Emin Akbulut wrote:
> Hi, I sent a test message from my Outlook,
> below are the results. How can I fix these
> two checks -probably at my mail server-
Don't fix the tests. Fix the external host. ;)
> FSL_HELO_NON_FQDN_1
> HELO_NO_DOMAIN
The external host handing over the message to your network gave a pretty
bad SMTP EHLO/HELO command.
If that was an SMTP server, fix that. It should, however, not be part of
*your* infrastructure, since it's external. If it is under your control,
you need to fix your SA internal_networks settings.
But since you mentioned sending a test message yourself, from Outlook --
any chance there was no external SMTP involved, and you directly
submitted from your MUA to MX?
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: More info about the rules
Posted by Bowie Bailey <Bo...@BUC.com>.
On 9/1/2010 8:42 AM, Emin Akbulut wrote:
> Hi, I sent a test message from my Outlook,
> below are the results. How can I fix these
> two checks -probably at my mail server-
>
> FSL_HELO_NON_FQDN_1
> HELO_NO_DOMAIN
>
>
> Thanks.
>
>
> pts  rule name              description
> ---- ---------------------- --------------------------------------------------
>  1.8 FSL_HELO_NON_FQDN_1    FSL_HELO_NON_FQDN_1
> 1000 GTUBE                  BODY: Generic Test for Unsolicited Bulk Email
> -3.5 BAYES_00               BODY: Bayes spam probability is 0 to 1%
>                             [score: 0.0000]
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  1.2 RDNS_NONE              Delivered to internal network by a host
>                             with no rDNS
>  1.0 HELO_NO_DOMAIN         Relay reports its domain incorrectly
header FSL_HELO_NON_FQDN_1 X-Spam-Relays-External =~ /^[^\]]+ helo=[a-zA-Z0-9-_]+ /i
header __HELO_NO_DOMAIN X-Spam-Relays-External =~ /^[^\]]+ helo=[^\.]+ /
Am I missing something, or are these two slightly different versions of
the same rule?
Both of them are looking for an external relay that does not report its
FQDN.
--
Bowie
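
Added example, not part of any list post and not SpamAssassin's own code: the two patterns quoted in the last message, run over constructed X-Spam-Relays-External values to show where they agree and where they differ. The relay() helper, the sample host names and the 192.0.2.x addresses are assumptions made up for illustration.

```python
import re

# The two patterns exactly as quoted in the thread. They are Perl regexes,
# but this syntax behaves the same under Python's re module.
FSL_HELO_NON_FQDN_1 = re.compile(r'^[^\]]+ helo=[a-zA-Z0-9-_]+ ', re.I)
HELO_NO_DOMAIN_SUB = re.compile(r'^[^\]]+ helo=[^\.]+ ')  # __HELO_NO_DOMAIN


def relay(helo, ip="192.0.2.10", by="mx.example.com"):
    """Build one constructed relay entry (sample data, not a real header)."""
    return (f"[ ip={ip} rdns= helo={helo} by={by} ident= envfrom= "
            f"intl=0 id=ABC123 auth= msa=0 ]")


def hits(relays):
    """Return the names of the quoted rules that match this relay string."""
    fired = []
    if FSL_HELO_NON_FQDN_1.search(relays):
        fired.append("FSL_HELO_NON_FQDN_1")
    if HELO_NO_DOMAIN_SUB.search(relays):
        fired.append("__HELO_NO_DOMAIN")
    return fired


# Constructed samples: label -> X-Spam-Relays-External value.
SAMPLES = {
    "bare host name": relay("desktop-pc"),
    "fully-qualified name": relay("mail.example.com"),
    "char outside [a-zA-Z0-9-_]": relay("pc~01"),
    # ^[^\]]+ cannot cross the first "]", so only the first relay is tested.
    "bad HELO only on second relay":
        relay("mail.example.com") + " " + relay("desktop-pc", ip="192.0.2.20"),
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label:32} {', '.join(hits(value)) or 'no hit'}")
```

On these samples FSL_HELO_NON_FQDN_1 matches only where __HELO_NO_DOMAIN also matches, and a HELO containing a dot matches neither.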