You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Christian Aust <ch...@wilde-welt.de> on 2006/11/18 10:11:49 UTC

Unexpected behavior when checking list mails

Hi all,

I'm using spamassassin 3.1.7 on Debian 3.1 w/ postfix 2.3.3 and GNU  
MailMain 2.1.5. When I last sent out a message to the list  
participants, I encountered this:

Two users having an local account on the same machine from which the  
mail comes are subscribed to the list. Both get the mail, but the  
spam score differs, although both use an empty users_prefs file in  
~/.spamassassin. While user1 gets the mail flagged as spam, it's ok  
for user2 (that's me). This is the spam report that's been generated  
for user1:

Content analysis details:   (4.8 points, 4.3 required)

  pts rule name              description
---- ----------------------  
--------------------------------------------------
  1.5 SUBJECT_ENCODED_TWICE  Subject: MIME encoded twice
  3.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic  
IP address
                             [80.136.188.197 listed in dnsbl.sorbs.net]
  3.0 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local  
SMTP
                             [80.136.188.197 listed in  
combined.njabl.org]
-2.8 AWL                    AWL: From: address is in the auto white-list

The IP address 80.136.188.197 was used by me (user2) when I sent the  
message. It is obviously some dynamic IP from which I connected to my  
servers SMTP service. Why does it lead to such a massive score? After  
all, the mail just origins from a dialup account, but has been sent  
through a proper SMTP server with all the bells and whistles.

I'd appreciate it if somebody could help me understand why this was  
recognized as spam - and what I could to to prevent this in future  
(without just playing with the test scores). Kind regards,

-  Christian Aust

======================================================================== 
=======

[user 1]
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
	server007.wilde-welt.de
X-Spam-Level: ****
X-Spam-Status: Yes, score=4.8 required=4.3 tests=AWL,RCVD_IN_NJABL_DUL,
	RCVD_IN_SORBS_DUL,SUBJECT_ENCODED_TWICE autolearn=no version=3.1.7
Return-Path: <li...@sauerlaender-in-koeln.de>
X-Original-To: user1@wilde-welt.de
Delivered-To: user1@server007.wilde-welt.de
Received: from server007.wilde-welt.de (localhost [127.0.0.1])
	by server007.wilde-welt.de (Postfix) with ESMTP id E7F538680AB;
	Wed, 15 Nov 2006 23:29:40 +0100 (CET)
X-Original-To: liste@sauerlaender-in-koeln.de
Delivered-To: liste@server007.wilde-welt.de
Received: from [127.0.0.1] (p5088BCC5.dip0.t-ipconnect.de  
[80.136.188.197])
	by server007.wilde-welt.de (Postfix) with ESMTP id 989188680A9
	for <li...@sauerlaender-in-koeln.de>;
	Wed, 15 Nov 2006 23:29:37 +0100 (CET)
Message-ID: <45...@wilde-welt.de>
Date: Wed, 15 Nov 2006 23:29:26 +0100
From: Christian Aust <ch...@wilde-welt.de>
User-Agent: Thunderbird 1.5.0.8 (Windows/20061025)
MIME-Version: 1.0
To: liste@sauerlaender-in-koeln.de
Subject: =?iso-8859-1?q?=5BSauerl=E4nder=5D_?= =?iso-8859-15?q? 
N=E4chstes_?=
=?iso-8859-15?q?Sauerl=E4nder- 
Treffen_am_DI=2C_21=2E11=2E2006_20_Uhr=2C_R?=
=?iso-8859-15?q?heinterrassen_K=F6ln?=
X-BeenThere: liste@sauerlaender-in-koeln.de
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: =?iso-8859-1?q?Neues_f=FCr_die_Sauerl=E4nder_in_K=F6ln?=
	<liste.sauerlaender-in-koeln.de>
List-Unsubscribe: <http://sauerlaender-in-koeln.de/cgi-bin/listinfo/ 
liste>,
	<mailto:liste-request@sauerlaender-in-koeln.de?subject=unsubscribe>
List-Archive: <http://mailman.wilde-welt.de/pipermail/liste>
List-Post: <ma...@sauerlaender-in-koeln.de>
List-Help: <mailto:liste-request@sauerlaender-in-koeln.de?subject=help>
List-Subscribe: <http://sauerlaender-in-koeln.de/cgi-bin/listinfo/ 
liste>,
	<mailto:liste-request@sauerlaender-in-koeln.de?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1701238995=="
Mime-version: 1.0
Sender: liste-bounces@sauerlaender-in-koeln.de
Errors-To: liste-bounces@sauerlaender-in-koeln.de

======================================================================== 
=======

[user 2]
Return-Path: <li...@sauerlaender-in-koeln.de>
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
	server007.wilde-welt.de
X-Spam-Level:
X-Spam-Status: No, score=0.3 required=4.3 tests=AWL,BAYES_00,
	RCVD_IN_NJABL_DUL,SUBJECT_ENCODED_TWICE autolearn=no version=3.1.7
X-Original-To: user2@wilde-welt.de
Delivered-To: user2@server007.wilde-welt.de
Received: from server007.wilde-welt.de (localhost [127.0.0.1])
	by server007.wilde-welt.de (Postfix) with ESMTP id E7F538680AB;
	Wed, 15 Nov 2006 23:29:40 +0100 (CET)
X-Original-To: liste@sauerlaender-in-koeln.de
Delivered-To: liste@server007.wilde-welt.de
Received: from [127.0.0.1] (p5088BCC5.dip0.t-ipconnect.de  
[80.136.188.197])
	by server007.wilde-welt.de (Postfix) with ESMTP id 989188680A9
	for <li...@sauerlaender-in-koeln.de>;
	Wed, 15 Nov 2006 23:29:37 +0100 (CET)
Message-ID: <45...@wilde-welt.de>
Date: Wed, 15 Nov 2006 23:29:26 +0100
From: Christian Aust <us...@wilde-welt.de>
User-Agent: Thunderbird 1.5.0.8 (Windows/20061025)
MIME-Version: 1.0
To: liste@sauerlaender-in-koeln.de
Subject: =?iso-8859-1?q?=5BSauerl=E4nder=5D_?= =?iso-8859-15?q? 
N=E4chstes_?=
=?iso-8859-15?q?Sauerl=E4nder- 
Treffen_am_DI=2C_21=2E11=2E2006_20_Uhr=2C_R?=
=?iso-8859-15?q?heinterrassen_K=F6ln?=
X-BeenThere: liste@sauerlaender-in-koeln.de
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: =?iso-8859-1?q?Neues_f=FCr_die_Sauerl=E4nder_in_K=F6ln?=
	<liste.sauerlaender-in-koeln.de>
List-Unsubscribe: <http://sauerlaender-in-koeln.de/cgi-bin/listinfo/ 
liste>,
	<mailto:liste-request@sauerlaender-in-koeln.de?subject=unsubscribe>
List-Archive: <http://mailman.wilde-welt.de/pipermail/liste>
List-Post: <ma...@sauerlaender-in-koeln.de>
List-Help: <mailto:liste-request@sauerlaender-in-koeln.de?subject=help>
List-Subscribe: <http://sauerlaender-in-koeln.de/cgi-bin/listinfo/ 
liste>,
	<mailto:liste-request@sauerlaender-in-koeln.de?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1701238995=="
Mime-version: 1.0
Sender: liste-bounces@sauerlaender-in-koeln.de
Errors-To: liste-bounces@sauerlaender-in-koeln.de

Re: Unexpected behavior when checking list mails

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.

Christian Aust wrote:
> Hi all,
> 
> I'm using spamassassin 3.1.7 on Debian 3.1 w/ postfix 2.3.3 and GNU 
> MailMain 2.1.5. When I last sent out a message to the list participants, 
> I encountered this:
> 
> Two users having an local account on the same machine from which the 
> mail comes are subscribed to the list. Both get the mail, but the spam 
> score differs, although both use an empty users_prefs file in 
> ~/.spamassassin. While user1 gets the mail flagged as spam, it's ok for 
> user2 (that's me). This is the spam report that's been generated for user1:

First, the reason you saw the differing scores is because the first to 
be scanned ("user2") timed out on the Sorbs DNS lookup.

Second, the reason the lookups were even done (assuming that you used 
SMTP auth to send the message) is that Postfix (well, not Postfix itself 
;) is stubborn.

Add/set the following line in your Postfix config:

smtpd_sasl_authenticated_header = yes

Also see: http://wiki.apache.org/spamassassin/DynablockIssues

Daryl