You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jerome Mainka <ma...@antidot.net> on 2005/10/19 16:02:24 UTC
Confused about RCVD_IN_[SORBS|NJABL]_DUL
Hello,
I am very confused about the way SpamAssassin triggers these rules. Here is
the Received headers of a legitimate message:
=== Received headers
Received: from mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr)
by mwinb0504 (SMTP Server) with LMTP; Tue, 18 Oct 2005 17:49:36 +0200
Received: from me-wanadoo.net (localhost [127.0.0.1])
by mwinf0107.wanadoo.fr (SMTP Server) with ESMTP id B223EA00014D
for <wf...@back05-mail02-02.me-wanadoo.net>;
Tue, 18 Oct 2005 17:49:36 +0200 (CEST)
Received: from Test (APuteaux-116-1-6-180.w193-251.abo.wanadoo.fr
[193.251.71.180])
by mwinf0107.wanadoo.fr (SMTP Server) with ESMTP id 4FFBFA0001B3
for <xx...@wanadoo.fr>; Tue, 18 Oct 2005 17:49:23
+0200 (CEST)
=== Received headers
The internal_networks set for xxx@wanadoo.fr contains the MX IP addresses of
wanadoo.fr, plus mwinf0107.wanadoo.fr (193.252.22.30).
The system keeps triggering these rules...
I even added 127.0.0.1, it doesn't change anything.
The first hop is supposed to be ignored and the last 2 are all trusted. What
have I missed?
Jerome Mainka
Antidot
Re: Confused about RCVD_IN_[SORBS|NJABL]_DUL
Posted by mouss <us...@free.fr>.
Jerome Mainka a écrit :
>Hello,
>
>I finally got the point of what is wrong with the mail I was dealing with.
>
>=== Received headers
>Received: from mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr)
> by mwinb0504 (SMTP Server) with LMTP; Tue, 18 Oct 2005 17:49:36 +0200
>Received: from me-wanadoo.net (localhost [127.0.0.1])
> by mwinf0107.wanadoo.fr (SMTP Server) with ESMTP id B223EA00014D
> for <wf...@back05-mail02-02.me-wanadoo.net>;
> Tue, 18 Oct 2005 17:49:36 +0200 (CEST)
>Received: from Test (APuteaux-116-1-6-180.w193-251.abo.wanadoo.fr
> [193.251.71.180])
> by mwinf0107.wanadoo.fr (SMTP Server) with ESMTP id 4FFBFA0001B3
> for <xx...@wanadoo.fr>; Tue, 18 Oct 2005 17:49:23
> +0200 (CEST)
>=== Received headers
>
>Notice the destination of the 1st hop and the origin of the second hop (which
>is by chance the same host :-).
>I changed it by the more classical received format host:
>
>mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr [193.252.22.30])
>
>
I would say that SA should ignore LMTP lines since they are local.
Re: Confused about RCVD_IN_[SORBS|NJABL]_DUL
Posted by Jerome Mainka <ma...@antidot.net>.
Hello,
I finally got the point of what is wrong with the mail I was dealing with.
=== Received headers
Received: from mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr)
by mwinb0504 (SMTP Server) with LMTP; Tue, 18 Oct 2005 17:49:36 +0200
Received: from me-wanadoo.net (localhost [127.0.0.1])
by mwinf0107.wanadoo.fr (SMTP Server) with ESMTP id B223EA00014D
for <wf...@back05-mail02-02.me-wanadoo.net>;
Tue, 18 Oct 2005 17:49:36 +0200 (CEST)
Received: from Test (APuteaux-116-1-6-180.w193-251.abo.wanadoo.fr
[193.251.71.180])
by mwinf0107.wanadoo.fr (SMTP Server) with ESMTP id 4FFBFA0001B3
for <xx...@wanadoo.fr>; Tue, 18 Oct 2005 17:49:23
+0200 (CEST)
=== Received headers
Notice the destination of the 1st hop and the origin of the second hop (which
is by chance the same host :-).
I changed it by the more classical received format host:
mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr [193.252.22.30])
And this time, the mail doesn't trigger RCVD_IN_[SORBS|NJABL]_DUL
For info, here are the complete modified received headers :
=== Modified Received headers
Received: from mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr)
by mwinb0504 (SMTP Server) with LMTP; Tue, 18 Oct 2005 17:49:36 +0200
Received: from me-wanadoo.net (localhost [127.0.0.1])
by mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr [193.252.22.30])
with ESMTP id B223EA00014D
for <wf...@back05-mail02-02.me-wanadoo.net>;
Tue, 18 Oct 2005 17:49:36 +0200 (CEST)
Received: from Test (APuteaux-116-1-6-180.w193-251.abo.wanadoo.fr
[193.251.71.180])
by mwinf0107.wanadoo.fr (mwinf0107.wanadoo.fr [193.252.22.30]) with
ESMTP id 4FFBFA0001B3
for <xx...@wanadoo.fr>; Tue, 18 Oct 2005 17:49:23
+0200 (CEST)
=== Modified Received headers
In the debug trace, I can see that SA submits to the different RBL servers
just the origin of the post in the first case. In the second case, it submits
also the smtp server mwinf0107.wanadoo.fr.
In my opinion, it is bug. Should I fill a bug report?
Thanks for your answers.
Jérôme Mainka
Antidot