You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jerome Mainka <ma...@antidot.net> on 2005/10/19 16:02:24 UTC

Confused about RCVD_IN_[SORBS|NJABL]_DUL

Hello,

I am very confused about the way SpamAssassin triggers these rules. Here is 
the Received headers of a legitimate message:

=== Received headers
Received: from mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr)
        by mwinb0504 (SMTP Server) with LMTP; Tue, 18 Oct 2005 17:49:36 +0200
Received: from me-wanadoo.net (localhost [127.0.0.1])
        by mwinf0107.wanadoo.fr (SMTP Server) with ESMTP id B223EA00014D
        for <wf...@back05-mail02-02.me-wanadoo.net>;
	Tue, 18 Oct 2005 17:49:36 +0200 (CEST)
Received: from Test (APuteaux-116-1-6-180.w193-251.abo.wanadoo.fr
	[193.251.71.180])
        by mwinf0107.wanadoo.fr (SMTP Server) with ESMTP id 4FFBFA0001B3
        for <xx...@wanadoo.fr>; Tue, 18 Oct 2005 17:49:23
	+0200 (CEST)
=== Received headers

The internal_networks set for xxx@wanadoo.fr contains the MX IP addresses of 
wanadoo.fr, plus mwinf0107.wanadoo.fr (193.252.22.30).

The system keeps triggering these rules...

I even added 127.0.0.1, it doesn't change anything.

The first hop is supposed to be ignored and the last 2 are all trusted. What 
have I missed?

Jerome Mainka
Antidot

Re: Confused about RCVD_IN_[SORBS|NJABL]_DUL

Posted by mouss <us...@free.fr>.
Jerome Mainka a écrit :

>Hello, 
>
>I finally got the point of what is wrong with the mail I was dealing with.
>
>=== Received headers
>Received: from mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr)
>        by mwinb0504 (SMTP Server) with LMTP; Tue, 18 Oct 2005 17:49:36 +0200
>Received: from me-wanadoo.net (localhost [127.0.0.1])
>        by mwinf0107.wanadoo.fr (SMTP Server) with ESMTP id B223EA00014D
>        for <wf...@back05-mail02-02.me-wanadoo.net>;
>        Tue, 18 Oct 2005 17:49:36 +0200 (CEST)
>Received: from Test (APuteaux-116-1-6-180.w193-251.abo.wanadoo.fr
>        [193.251.71.180])
>        by mwinf0107.wanadoo.fr (SMTP Server) with ESMTP id 4FFBFA0001B3
>        for <xx...@wanadoo.fr>; Tue, 18 Oct 2005 17:49:23
>        +0200 (CEST)
>=== Received headers
>
>Notice the destination of the 1st hop and the origin of the second hop (which 
>is by chance the same host :-). 
>I changed it by the more classical received format host:
>
>mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr [193.252.22.30])
>  
>
I would say that SA should ignore LMTP lines since they are local.

Re: Confused about RCVD_IN_[SORBS|NJABL]_DUL

Posted by Jerome Mainka <ma...@antidot.net>.
Hello, 

I finally got the point of what is wrong with the mail I was dealing with.

=== Received headers
Received: from mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr)
        by mwinb0504 (SMTP Server) with LMTP; Tue, 18 Oct 2005 17:49:36 +0200
Received: from me-wanadoo.net (localhost [127.0.0.1])
        by mwinf0107.wanadoo.fr (SMTP Server) with ESMTP id B223EA00014D
        for <wf...@back05-mail02-02.me-wanadoo.net>;
        Tue, 18 Oct 2005 17:49:36 +0200 (CEST)
Received: from Test (APuteaux-116-1-6-180.w193-251.abo.wanadoo.fr
        [193.251.71.180])
        by mwinf0107.wanadoo.fr (SMTP Server) with ESMTP id 4FFBFA0001B3
        for <xx...@wanadoo.fr>; Tue, 18 Oct 2005 17:49:23
        +0200 (CEST)
=== Received headers

Notice the destination of the 1st hop and the origin of the second hop (which 
is by chance the same host :-). 
I changed it by the more classical received format host:

mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr [193.252.22.30])

And this time, the mail doesn't trigger RCVD_IN_[SORBS|NJABL]_DUL

For info, here are the complete modified received headers :
=== Modified Received headers
Received: from mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr)
        by mwinb0504 (SMTP Server) with LMTP; Tue, 18 Oct 2005 17:49:36 +0200
Received: from me-wanadoo.net (localhost [127.0.0.1])
        by  mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr [193.252.22.30])
	with ESMTP id B223EA00014D
        for <wf...@back05-mail02-02.me-wanadoo.net>;
        Tue, 18 Oct 2005 17:49:36 +0200 (CEST)
Received: from Test (APuteaux-116-1-6-180.w193-251.abo.wanadoo.fr
        [193.251.71.180])
        by mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr [193.252.22.30]) with
	ESMTP id 4FFBFA0001B3
        for <xx...@wanadoo.fr>; Tue, 18 Oct 2005 17:49:23
        +0200 (CEST)
=== Modified Received headers

In the debug trace, I can see that SA submits to the different RBL servers 
just the origin of the post in the first case. In the second case, it submits 
also the smtp server mwinf0107.wanadoo.fr.

In my opinion, it is bug. Should I fill a bug report?

Thanks for your answers.

Jérôme Mainka
Antidot