Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2005/06/28 01:41:01 UTC
[Bug 4436] New: FPS because trusted_networks are ignored for X-Originating-IP header
http://bugzilla.spamassassin.org/show_bug.cgi?id=4436
Summary: FPS because trusted_networks are ignored for X-Originating-IP header
Product: Spamassassin
Version: 3.0.4
Platform: All
OS/Version: other
Status: NEW
Severity: blocker
Priority: P5
Component: Rules (Eval Tests)
AssignedTo: dev@spamassassin.apache.org
ReportedBy: mbr@freebsd.org
Google Groups uses X-Originating-IP: in all its headers, causing
massive false positive rates for Google mails if one does use
blacklists.
Consider this case:
internal_networks 127.
trusted_networks 213.165.64.20
As you can see, 213.165.64.20 is whitelisted. But
all google group mails originating from this server
will lead to false positives.
See the proposed patch and the example.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4436] FPS because trusted_networks are ignored for X-Originating-IP header
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4436
jm@jmason.org changed:
            What    |Removed                     |Added
----------------------------------------------------------------------------
    Target Milestone|Undefined                   |3.1.0
------- Additional Comments From jm@jmason.org 2005-06-27 16:46 -------
needs checking
[Bug 4436] FPS because trusted_networks are ignored for X-Originating-IP header
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4436
jm@jmason.org changed:
            What    |Removed                     |Added
----------------------------------------------------------------------------
              Status|NEW                         |RESOLVED
          Resolution|                            |FIXED
------- Additional Comments From jm@jmason.org 2005-06-27 18:29 -------
hi Martin --
you're partly right. not entirely though ;)
you're correct that X-Originating-IP etc should be considered for
untrusted/firsttrusted tests, and that patch is now applied (updated for 3.1.0)
to svn trunk.
However, looking at the trusted_networks line you posted, that still won't have
the desired effect-- you have to trust *all* servers along the path from your
server to the poster, e.g.:
trusted_networks 213.165.64.20 216.155.201/24 66.218/16 130.60.28.29
this is because otherwise, [216.155.201.60] could have been a spammer pretending
to be a Yahoo server, and all Received lines prior to that one could have been a
forgery. So unless [216.155.201.60] is also trusted, no hosts prior to that can
be trusted because the Received lines themselves are not trustworthy.
anyway, that fix is now in trunk. closing...
Sending lib/Mail/SpamAssassin/EvalTests.pm
Transmitting file data .
Committed revision 202109.
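The trust-path rule described in the comment above, as an added Python sketch (not SpamAssassin's code and not part of the original thread). It walks a relay path newest hop first and stops trusting at the first relay outside trusted_networks; the path itself, the addresses 66.218.0.10 and 192.0.2.77, the treatment of X-Originating-IP as the final hop, and the names parse_net and split_path are assumptions made for the illustration.

```python
import ipaddress

def parse_net(spec):
    """Parse the abbreviated notation seen in this thread:
    '127.' -> 127.0.0.0/8, '66.218/16' -> 66.218.0.0/16, bare IP -> /32."""
    addr, _, mask = spec.partition("/")
    octets = [o for o in addr.split(".") if o]
    prefix = int(mask) if mask else 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/%d" % prefix, strict=False)

def split_path(relays, trusted_specs):
    """relays: connecting IPs, newest hop first (topmost Received line first).
    Returns the trusted prefix of the path, the boundary relay, and the rest."""
    nets = [parse_net(s) for s in trusted_specs]
    for i, ip in enumerate(relays):
        if not any(ipaddress.ip_address(ip) in n for n in nets):
            # relays[i] was recorded by a trusted host, so its address is real,
            # but every hop it reports further down is only its own claim.
            return {"trusted": relays[:i], "boundary": ip,
                    "unverifiable": relays[i + 1:]}
    return {"trusted": list(relays), "boundary": None, "unverifiable": []}

# Constructed path for illustration, newest hop first. The last entry stands
# for the poster's address as carried in X-Originating-IP (assumption).
PATH = ["213.165.64.20", "216.155.201.60", "66.218.0.10",
        "130.60.28.29", "192.0.2.77"]

REPORTED = ["213.165.64.20"]                       # trusted_networks from the report
SUGGESTED = ["213.165.64.20", "216.155.201/24",    # trusted_networks from the reply
             "66.218/16", "130.60.28.29"]

if __name__ == "__main__":
    for name, cfg in (("reported", REPORTED), ("suggested", SUGGESTED)):
        print(name, split_path(PATH, cfg))
```

With the reported configuration the boundary is 216.155.201.60, so that relay is the one blacklist tests see and everything below it, including the X-Originating-IP value, is unverifiable; with the suggested configuration the whole relay chain is trusted and the boundary moves to the poster's address.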
[Bug 4436] FPS because trusted_networks are ignored for X-Originating-IP header
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4436
------- Additional Comments From mbr@freebsd.org 2005-06-27 16:41 -------
Created an attachment (id=2961)
--> (http://bugzilla.spamassassin.org/attachment.cgi?id=2961&action=view)
Proposed patch
[Bug 4436] FPS because trusted_networks are ignored for X-Originating-IP header
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4436
------- Additional Comments From mbr@freebsd.org 2005-06-27 22:20 -------
Hi,
> you're correct that X-Originating-IP etc should be considered for
> untrusted/firsttrusted tests, and that patch is now applied (updated for 3.1.0)
> to svn trunk.
>
> However, looking at the trusted_networks line you posted, that still won't have
> the desired effect-- you have to trust *all* servers along the path from your
> server to the poster, e.g.:
>
> trusted_networks 213.165.64.20 216.155.201/24 66.218/16 130.60.28.29
It has the desired effect because all yahoo servers are whitelisted here. Yes -
we have a really big whitelist, about 700 ISPs are whitelisted with all their
passing mailservers. And this helps a lot to avoid FPS, you wouldn't believe it.
That an ISP server is hacked and sent from it directly is not really a problem
anymore these days.
> this is because otherwise, [216.155.201.60] could have been a spammer pretending
> to be a Yahoo server, and all Received lines prior to that one could have been a
> forgery. So unless [216.155.201.60] is also trusted, no hosts prior to that can
> be trusted because the Received lines themselves are not trustworthy.
Of course. Sorry for my false example ...
Martin
[Bug 4436] FPS because trusted_networks are ignored for X-Originating-IP header
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4436
------- Additional Comments From mbr@freebsd.org 2005-06-27 16:42 -------
Created an attachment (id=2962)
--> (http://bugzilla.spamassassin.org/attachment.cgi?id=2962&action=view)
Testcase