Posted to users@spamassassin.apache.org by "@lbutlr" <kr...@kreme.com> on 2015/04/20 17:08:42 UTC

spamass-milter processing brunette.com messages as if from localhost

Bronto.com is a remailer service for various companies (like Fractureme.com and others) and I’ve been noting that it hits some odd triggers in spamass-milter:

Apr 19 15:00:40 mail spamd[87225]: spamd: result: Y 5 - BAYES_50,DKIM_SIGNED,DKIM_VALID,FSL_HELO_NON_FQDN_1,HEADER_FROM_DIFFERENT_DOMAINS,HELO_LOCALHOST,HTML_IMAGE_RATIO_02,HTML_MESSAGE,RDNS_LOCALHOST,SPF_SOFTFAIL,UNPARSEABLE_RELAY,URIBL_GREY scantime=2.4,size=14225,user=kreme,uid=58,required_score=5.0,rhost=localhost,raddr=::1,rport=36110,mid=<cl...@bronto.com>,bayes=0.500186,autolearn=no autolearn_force=no 

Here are some headers from a bronto.com message. As you can see, there is little info in the received header my server adds (no IP).

X-Envelope-From: <cl...@bounce.bronto.com>
X-Envelope-To: <kr...@kreme.com>
Received: from ms045.bronto.com (unknown)
        by mail.covisp.net(Postfix 2.11.4/8.13.0) with SMTP id unknown;
        Sun, 19 Apr 2015 15:00:38 -0600
        (envelope-from <cl...@bounce.bronto.com>)
Received: from localhost (10.0.1.163) by ms045.bronto.com id h6gbnc1usqsi for <kr...@kreme.com>; Sun, 19 Apr 2015 17:00:33 -0400 (envelope-from <cl...@bounce.bronto.com>)

Here is a normal received header:

Received: from gatewayout2.uhd.edu (gatewayout2.uhd.edu [216.145.160.112])
        by mail.covisp.net (Postfix) with ESMTPS id 3lVqRX6QKqzJMhn
        for <kr...@kreme.com>; Mon, 20 Apr 2015 08:00:24 -0600 (MDT)

Full postfix logs for the message follow:

Apr 19 15:00:38 mail postfix/smtpd[93480]: 3lVNpt0CzVzJQpS: client=ms045.bronto.com[216.27.63.45]
Apr 19 15:00:38 mail postfix/cleanup[93662]: 3lVNpt0CzVzJQpS: message-id=<cl...@bronto.com>
Apr 19 15:00:39 mail spamd[87225]: spamd: processing message <cl...@bronto.com> for kreme:58 
Apr 19 15:00:40 mail spamd[87225]: spamd: result: Y 5 - BAYES_50,DKIM_SIGNED,DKIM_VALID,FSL_HELO_NON_FQDN_1,HEADER_FROM_DIFFERENT_DOMAINS,HELO_LOCALHOST,HTML_IMAGE_RATIO_02,HTML_MESSAGE,RDNS_LOCALHOST,SPF_SOFTFAIL,UNPARSEABLE_RELAY,URIBL_GREY scantime=2.4,size=14225,user=kreme,uid=58,required_score=5.0,rhost=localhost,raddr=::1,rport=36110,mid=<cl...@bronto.com>,bayes=0.500186,autolearn=no autolearn_force=no 
Apr 19 15:00:40 mail postfix/qmgr[92561]: 3lVNpt0CzVzJQpS: from=<cl...@bounce.bronto.com>, size=19278, nrcpt=2 (queue active)
Apr 19 15:00:43 mail postfix/local[93694]: 3lVNpt0CzVzJQpS: to=<kr...@covisp.net>, orig_to=<kr...@kreme.com>, relay=local, delay=5.1, delays=2.7/0.02/0/2.3, dsn=2.0.0, status=sent (delivered to command: /usr/local/bin/procmail -t -a $EXTENSION)
Apr 19 15:00:43 mail postfix/qmgr[92561]: 3lVNpt0CzVzJQpS: removed


-- 
I don't believe there's a power in the 'verse can stop Kaylee from bein'
cheerful. Sometimes you just wanna duct-tape her mouth and dump her in
the hold for a month.
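
Added example, not part of the thread and not code from spamass-milter or SpamAssassin: a Python check that finds the Received header stamped by the receiving host and reports when its `from` clause carries no bracketed client IP or its queue id is `unknown`, the two differences between the headers quoted above. The function names and regular expressions are assumptions made for this illustration, and the sample messages are constructed from the quoted headers.

```python
import email
import ipaddress
import re

FROM_RE = re.compile(r"^from\s+(\S+)\s*(?:\(([^)]*)\))?", re.I)
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
ID_RE = re.compile(r"\bid\s+([^\s;]+)", re.I)

def inspect_received(value):
    """Return (by_host, client_ip, problems) for one Received header value."""
    flat = " ".join(value.split())          # unfold continuation lines
    problems = []
    frm, by, qid = FROM_RE.match(flat), BY_RE.search(flat), ID_RE.search(flat)
    ip = None
    found = IP_RE.search(frm.group(2) or "") if frm else None
    if found:
        try:
            ip = str(ipaddress.ip_address(found.group(1)))
        except ValueError:
            problems.append("bracketed value is not an IP address")
    else:
        problems.append("no bracketed client IP in from clause")
    if not qid or qid.group(1).lower() == "unknown":
        problems.append("no queue id")
    return (by.group(1).lower() if by else None), ip, problems

def boundary_hop_problems(raw_message, my_host):
    """Problems in the topmost Received header stamped by my_host."""
    msg = email.message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        by_host, _ip, problems = inspect_received(value)
        if by_host == my_host:
            return problems
    return ["no Received header from " + my_host]

# Constructed samples built from the two header shapes quoted in the post;
# the envelope-from and "for" clauses are left out.
SUSPECT = ("Received: from ms045.bronto.com (unknown)\n"
           "\tby mail.covisp.net(Postfix 2.11.4/8.13.0) with SMTP id unknown;\n"
           "\tSun, 19 Apr 2015 15:00:38 -0600\n"
           "Subject: constructed\n\nbody\n")
NORMAL = ("Received: from gatewayout2.uhd.edu (gatewayout2.uhd.edu [216.145.160.112])\n"
          "\tby mail.covisp.net (Postfix) with ESMTPS id 3lVqRX6QKqzJMhn;\n"
          "\tMon, 20 Apr 2015 08:00:24 -0600 (MDT)\n"
          "Subject: constructed\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("normal", NORMAL)):
        print(name, boundary_hop_problems(raw, "mail.covisp.net"))
```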


Re: spamass-milter processing brunette.com messages as if from localhost

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 23.04.15 06:23, kremels wrote:
>>>Received: from ms045.bronto.com (unknown)
>>>       by mail.covisp.net(Postfix 2.11.4/8.13.0) with SMTP id unknown;
>>>       Sun, 19 Apr 2015 15:00:38 -0600
>>>       (envelope-from <cl...@bounce.bronto.com>)
>>>Received: from localhost (10.0.1.163) by ms045.bronto.com id h6gbnc1usqsi for <kr...@kreme.com>; Sun, 19 Apr 2015 17:00:33 -0400 (envelope-from <cl...@bounce.bronto.com>)

>>I really wonder why is there a (unknown) line, not containing hostname not
>>IP... how should SA get the proper IP? However it seems to be mail
>>covisp.net who loses the IP, and that is apparently not SA failure...
>>how do you feed the mail to SA?
>
>spamass-milter. Most messages are fine. Most messages from bronto are 
>fine. Occasionally, I get this error though. I did ask about the 
>Received header over on the postfix list and was told the only way 
>that header could exist is if it was rewritten by a header_check (no) 
>or a milter. And I do have a milter.

AFAIK milters should see message as it was received, so the first Received:
message should be generated by spamass-milter. 

This looks like your milter doesn't see the client's IP...


-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest. 

Re: spamass-milter processing brunette.com messages as if from localhost

Posted by kremels <kr...@kreme.com>.
On 2015-04-22 03:35, Matus UHLAR - fantomas wrote:
> On 20.04.15 09:08, @lbutlr wrote:
>> Bronto.com is a remailer service for various companies (like Fractureme.com
>> and others) and I’ve been noting that it hits some odd triggers in
>> spamass-milter:
>> 
>> Apr 19 15:00:40 mail spamd[87225]: spamd: result: Y 5 -
>> BAYES_50,DKIM_SIGNED,DKIM_VALID,FSL_HELO_NON_FQDN_1,HEADER_FROM_DIFFERENT_DOMAINS,HELO_LOCALHOST,HTML_IMAGE_RATIO_02,HTML_MESSAGE,RDNS_LOCALHOST,SPF_SOFTFAIL,UNPARSEABLE_RELAY,URIBL_GREY
>> scantime=2.4,size=14225,user=kreme,uid=58,required_score=5.0,rhost=localhost,raddr=::1,rport=36110,mid=<cl...@bronto.com>,bayes=0.500186,autolearn=no
>> autolearn_force=no
>> 
>> Here are some headers from a bronto.com message. As you can see, there is
>> little info in the received header my server adds (no IP).
>> 
>> X-Envelope-From: <cl...@bounce.bronto.com>
>> X-Envelope-To: <kr...@kreme.com>
>> Received: from ms045.bronto.com (unknown)
>>        by mail.covisp.net(Postfix 2.11.4/8.13.0) with SMTP id unknown;
>>        Sun, 19 Apr 2015 15:00:38 -0600
>>        (envelope-from <cl...@bounce.bronto.com>)
>> Received: from localhost (10.0.1.163) by ms045.bronto.com id h6gbnc1usqsi for <kr...@kreme.com>; Sun, 19 Apr 2015 17:00:33 -0400 (envelope-from <cl...@bounce.bronto.com>)
> 
> I really wonder why is there a (unknown) line, not containing hostname not
> IP... how should SA get the proper IP? However it seems to be mail
> covisp.net who loses the IP, and that is apparently not SA failure...
> how do you feed the mail to SA?

spamass-milter. Most messages are fine. Most messages from bronto are 
fine. Occasionally, I get this error though. I did ask about the 
Received header over on the postfix list and was told the only way that 
header could exist is if it was rewritten by a header_check (no) or a 
milter. And I do have a milter.

-- 
This is not my signature

Re: spamass-milter processing brunette.com messages as if from localhost

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 20.04.15 09:08, @lbutlr wrote:
>Bronto.com is a remailer service for various companies (like Fractureme.com
> and others) and I’ve been noting that it hits some odd triggers in
> spamass-milter:
>
>Apr 19 15:00:40 mail spamd[87225]: spamd: result: Y 5 -
> BAYES_50,DKIM_SIGNED,DKIM_VALID,FSL_HELO_NON_FQDN_1,HEADER_FROM_DIFFERENT_DOMAINS,HELO_LOCALHOST,HTML_IMAGE_RATIO_02,HTML_MESSAGE,RDNS_LOCALHOST,SPF_SOFTFAIL,UNPARSEABLE_RELAY,URIBL_GREY
> scantime=2.4,size=14225,user=kreme,uid=58,required_score=5.0,rhost=localhost,raddr=::1,rport=36110,mid=<cl...@bronto.com>,bayes=0.500186,autolearn=no
> autolearn_force=no
>
>Here are some headers from a bronto.com message. As you can see, there is
> little info in the received header my server adds (no IP).
>
>X-Envelope-From: <cl...@bounce.bronto.com>
>X-Envelope-To: <kr...@kreme.com>
>Received: from ms045.bronto.com (unknown)
>        by mail.covisp.net(Postfix 2.11.4/8.13.0) with SMTP id unknown;
>        Sun, 19 Apr 2015 15:00:38 -0600
>        (envelope-from <cl...@bounce.bronto.com>)
>Received: from localhost (10.0.1.163) by ms045.bronto.com id h6gbnc1usqsi for <kr...@kreme.com>; Sun, 19 Apr 2015 17:00:33 -0400 (envelope-from <cl...@bounce.bronto.com>)

I really wonder why is there a (unknown) line, not containing hostname not
IP... how should SA get the proper IP? 
However it seems to be mail covisp.net who loses the IP, and that is
apparently not SA failure...
how do you feed the mail to SA? 

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.