Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2006/09/07 18:35:21 UTC

[Bug 5092] New: problem with mail which comes over a local mailserver and relayserver

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5092

           Summary: problem with mail which comes over a local mailserver
                    and relayserver
           Product: Spamassassin
           Version: 3.1.5
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: spamassassin
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: dieter.ferdinand@gmx.de


hello,
today, i sent testmails to all my mail-addresses and some of these mails, which
are processed by spamassassin, have a high score and are recognized as spam.

it is a simple problem:
local mailserver with local, non internet, ip-address like 192.168.0.10
to
mailserver of the provider as relay for local mailserver with internet-ip

the local mailserver uses a local dns-name in the helo command and has a dynamic
ip to the internet.
both are recognized by spamassassin and this gives a high score.

spamassassin should check that the mail is sent over the mailserver for the
mail-domain from the sender-mail-address and it would be good, if spamassassin
can ignore all received headers which are inserted before the first with
internet-ip is inserted. this makes fewer problems, if the sender uses a local
mailserver which doesn't have an internet-ip-address

it is good, to check the mail for dynamic ip of the sender, but most senders
use dynamic ip and a relay-server with internet-ip from the mail-provider.
some people with a local mail-server, others send the mails directly to the
relay-server from mail-program

i think, it is no good idea, to set for all dynamic ip from the sender a high
score. only such mails, which have dynamic sender ip and are not sent through
the mail-server which is trusted for this mail-domain should have a high score.

i can set a filter for spamassassin for my test-mails, but i can't do this for
other users, who use spamassassin.

i hope, you understand my problem.

i get a spam-report like this:
 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.2 INVALID_DATE           Invalid Date: header (not RFC 2822)
 4.2 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP addr
                            1)
 0.5 ADDRESS_IN_SUBJECT     To: address appears in Subject
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0000]
 1.5 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is a abuseable web server
                            [85.212.30.23 listed in dnsbl.sorbs.net]

here the mail-headers:
Return-Path: <di...@gmx.de>
Received: from murder ([unix socket])
	 by linux-p3-dual (Cyrus v2.3.3) with LMTPA;
	 Thu, 07 Sep 2006 16:31:08 +0200
X-Sieve: CMU Sieve 2.3
Received: by linux-p3-dual.ferdinand.lo (Postfix)
	id 83BA553E77; Thu,  7 Sep 2006 16:31:08 +0200 (CEST)
Delivered-To: d_ferdi@linux-p3-dual.ferdinand.lo
Received: by linux-p3-dual.ferdinand.lo (Postfix, from userid 0)
	id 7CFEA53DFF; Thu,  7 Sep 2006 16:31:08 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on 
	linux-p3-dual.ferdinand.lo
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=ADDRESS_IN_SUBJECT,BAYES_00,
	HELO_DYNAMIC_IPADDR,INVALID_DATE,RCVD_IN_SORBS_WEB,lokaler_mailserver 
	autolearn=no version=3.1.5
X-Flags: 0000
Delivered-To: GMX delivery to dieter_ferdinand@gmx.net
Received: from pop.gmx.de [213.165.64.22]
	by linux-p3-dual.ferdinand.lo with POP3 (fetchmail-6.3.3)
	for <d_...@localhost> (single-drop); Thu, 07 Sep 2006 16:31:00 +0200 (CEST)
Received: (qmail invoked by alias); 07 Sep 2006 14:21:37 -0000
Received: from p85.212.30.23.tisdip.tiscali.de (HELO linux-p3-dual.ferdinand.lo) [85.212.30.23]
  by mail.gmx.net (mp037) with SMTP; 07 Sep 2006 16:21:37 +0200
X-Authenticated: #222744
Received: from [192.168.1.7] (p3-550.ferdinand.lo [192.168.1.7])
	by linux-p3-dual.ferdinand.lo (Postfix) with ESMTP id 5675F53E73
	for <di...@gmx.net>; Thu,  7 Sep 2006 16:21:37 +0200 (CEST)
From: "Dieter Ferdinand" <di...@gmx.de>
To: dieter_ferdinand@gmx.net
Date: Thu, 07 Sep 2006 16:21:38 +1
MIME-Version: 1.0
Subject: test dieter_ferdinand@gmx.net
Reply-to: Dieter.Ferdinand@gmx.de
Message-ID: <45...@dieter.ferdinand.gmx.de>
X-Confirm-Reading-To: Dieter.Ferdinand@gmx.de
X-pmrqc: 1
Return-receipt-to: Dieter.Ferdinand@gmx.de
Priority: normal
X-mailer: Pegasus Mail for Windows (4.31, DE v4.31 R1)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 0 (Mail was not recognized as spam)
X-GMX-UID: yhg5cNlHeWU7jH0GcHVzZ+E5U3U4N49D



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

------- Additional Comments From dieter.ferdinand@gmx.de  2006-12-05 14:33 -------
hello,
you don't understand me. this is not a local problem, which affects only me.

i don't know, how many mail-servers exist, which have private ip-addresses and
send mail to gateway-mailserver to the internet. all these mails have headers,
with dns-names and ip-addresses which can't be checked with internet dns-servers.

so everybody who uses spamassassin must configure it to accept or ignore all
private ip-addresses in mail headers.
but this makes a new problem, if spamassassin then accepts all mails which have
private ip-addresses and dynamic internet-ip-addresses or headers with
mail-addresses from spam-mail-servers.

i think, the best is, spamassassin ignores all headers with private ip-addresses
and checks only headers with internet-ip-addresses.

i don't use spamassassin to delete mails, i only set spam-information to the
mail and sort them with sieve on my mailserver, so i can change the
configuration, if a mail is falsely detected as spam.

it is ok, using dynamic ip-addresses to identify spam-mails, also servers which
transport only spam, but it is not ok, to detect all mails which have headers
with private ip-addresses always as spam by default.

i hope, you understand my problem. i can change MY configuration, but who changes
all other configurations to receive mails from me or other people, who use a
private mail-server as gateway to their mail-provider.

goodbye



------- Additional Comments From dieter.ferdinand@gmx.de  2006-12-06 13:18 -------
hello,
this is my configuration to send mails to the internet:
relayhost = mail.gmx.de
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain
smtp_use_tls = no
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password_outgoing_smtp
smtp_sasl_security_options = noanonymous

i can only send mails to the internet, if i use one of my providers as relayhost
because a lot of mail-servers don't accept my mails while i have a dynamic ip and
no mx and reverse dns entry for that address.

the two ip-addresses are some of my dynamic ip-addresses. i get every 24 hours a
new address.

i send some testmails again and get these headers in the mail:
Received: from pop.gmx.net [213.165.64.22]
	by linux-p3-dual.ferdinand.lo with POP3 (fetchmail-6.3.3)
	for <d_...@localhost> (single-drop); Wed, 06 Dec 2006 22:04:08 +0100 (CET)
Received: (qmail invoked by alias); 06 Dec 2006 21:03:45 -0000
Received: from unknown (EHLO [0.1.0.4]) [194.97.125.65]
  by mail.gmx.net (mp039) with SMTP; 06 Dec 2006 22:03:45 +0100
X-Authenticated: #222744
From: "Dieter Ferdinand" <di...@gmx.de>

Received: from pop3.arcor-online.net [151.189.21.113]
	by linux-p3-dual.ferdinand.lo with POP3 (fetchmail-6.3.3)
	for <d_...@localhost> (single-drop); Wed, 06 Dec 2006 22:05:36 +0100 (CET)
Received: from localhost (mail-in-05.arcor-online.net [151.189.21.45])
	by mail-in-06-z2.arcor-online.net (Postfix) with ESMTP id 2F2BC5BD62
	for <di...@nexgo.de>; Wed,  6 Dec 2006 22:04:03 +0100 (CET)
Received: from mail-in-05.arcor-online.net ([127.0.0.1])
 by localhost (mail-in-05 [127.0.0.1]) (amavisd-new, port 10024) with LMTP
 id 31434-05 for <di...@nexgo.de>;
 Wed,  6 Dec 2006 22:04:03 +0100 (CET)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by mx.arcor.de (Postfix) with SMTP id F00FA27B4FE
	for <di...@nexgo.de>; Wed,  6 Dec 2006 22:04:02 +0100 (CET)
Received: (qmail invoked by alias); 06 Dec 2006 21:04:02 -0000
Received: from E7d41.e.strato-dslnet.de (EHLO linux-p3-dual.ferdinand.lo) [194.97.125.65]
  by mail.gmx.net (mp018) with SMTP; 06 Dec 2006 22:04:02 +0100
X-Authenticated: #222744
Received: by linux-p3-dual.ferdinand.lo (Postfix, from userid 1009)
	id 2553453F57; Wed,  6 Dec 2006 22:04:02 +0100 (CET)
Subject: test dieter_ferdinand@nexgo.de

if i remember right, i tried to configure postfix to send no helo or ehlo, but
this doesn't work.

i see, you see the problem which i have with spamassassin.

it is no problem for me, to change my configuration so spamassassin doesn't
recognize it as spam, but i can't change the configuration of all users of
spamassassin to work right in this situation.

i have the same problem with a manufacturer of a pbx-system on which some
options are deactivated without need. he says to me, if i set the right
configuration, it works, but if i can't call somebody because he has a false
configuration, i should say to him, that he should correct his false configuration.
but how should i do that, if i can't call him ? and if i can, nobody is
interested in that because it works all fine while all other people who call him
have a configuration, which works.

so i say to everybody, who asks me for a pbx that he should not buy one from this
manufacturer.

goodbye



------- Additional Comments From felicity@apache.org  2006-12-05 12:36 -------
it sounds like trusted/internal_networks isn't set correctly.
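
The trust boundary this comment points at, worked through on the Received headers from the first report; this is an added example, not SpamAssassin's code and not part of the thread. It is a simplified model, and the `TRUSTED` ranges (in particular 213.165.64.0/24 for the provider) are assumptions chosen to cover the addresses quoted on this page.

```python
import ipaddress
import re

# Received headers from the first report on this page, newest first, unfolded
# to one line each with the addressee and timestamps trimmed.
RECEIVED = [
    "from pop.gmx.de [213.165.64.22] by linux-p3-dual.ferdinand.lo with POP3 (fetchmail-6.3.3)",
    "(qmail invoked by alias)",
    "from p85.212.30.23.tisdip.tiscali.de (HELO linux-p3-dual.ferdinand.lo) [85.212.30.23]"
    " by mail.gmx.net (mp037) with SMTP",
    "from [192.168.1.7] (p3-550.ferdinand.lo [192.168.1.7])"
    " by linux-p3-dual.ferdinand.lo (Postfix) with ESMTP id 5675F53E73",
]
# Assumption: the receiver trusts its own LAN and its provider's mail hosts.
# 213.165.64.0/24 is a constructed range covering the GMX addresses quoted on
# this page, not a verified allocation.
TRUSTED = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "213.165.64.0/24")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO_RE = re.compile(r"\((?:HELO|EHLO) ([^)]+)\)")

def parse_hop(header):
    """Return the sending IP and HELO name a header records, or None."""
    if not header.startswith("from "):
        return None  # local hand-off note such as "(qmail invoked by alias)"
    sender = header.split(" by ", 1)[0]
    ips = IP_RE.findall(sender)
    if not ips:
        return None
    helo = HELO_RE.search(sender)
    return {"ip": ips[-1], "helo": helo.group(1) if helo else sender.split()[1]}

def trust_boundary(headers, trusted=TRUSTED):
    """Walk hops newest first; return (trusted, first_untrusted, unverifiable)."""
    hops = [hop for hop in map(parse_hop, headers) if hop]
    for i, hop in enumerate(hops):
        addr = ipaddress.ip_address(hop["ip"])
        if not any(addr in net for net in trusted):
            # Older headers were written by hosts outside the trusted set.
            return hops[:i], hop, hops[i + 1:]
    return hops, None, []

if __name__ == "__main__":
    inside, edge, below = trust_boundary(RECEIVED)
    print("trusted hops:   ", [h["ip"] for h in inside])
    print("evaluated relay:", edge)
    print("unverifiable:   ", [h["ip"] for h in below])
```

The relay that relay-based checks evaluate is the first hop outside the trusted set, here the dynamic address handing mail to mail.gmx.net; the 192.168.1.7 header below it was written by a host the receiver does not trust, so it can be neither relied on nor used to skip the check.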



------- Additional Comments From sidney@sidney.com  2006-12-06 01:29 -------
I think I'm confused about what your configuration is.

It looks to me that you are running Postfix. Is that correct? You say that you
are configured to use your provider's mail server as smarthost. Do you have in
the file

 /etc/postfix/main.cf

the line

  relayhost = mail.gmx.net

When you do that, do you see the Received header that includes
 (HELO linux-p3-dual.ferdinand.lo)?

If that is all true, then there may be a problem in SpamAssassin. But if you are
using Postfix and you are not using the relayhost configuration option, that
would explain it all.

I don't understand what is the relationship between the ip address 85.212.30.23
in your original example and 194.97.125.65 in your last comment. Are those two
very different dynamic ip addresses that you had on the same machine at
different times?






dieter.ferdinand@gmx.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WORKSFORME                  |




------- Additional Comments From dieter.ferdinand@gmx.de  2006-12-06 00:40 -------
hello,
i use the mailserver from my provider as smarthost and i have no possibility to
affect, what headers are inserted from this mail-server.

if i send mail directly to the mailserver from my provider, i have these headers:
Received: from unknown (EHLO [0.1.0.4]) [194.97.125.65]
  by mail.gmx.net (mp001) with SMTP; 06 Dec 2006 09:08:09 +0100
X-Authenticated: #222744
or:
Received: (qmail invoked by alias); 06 Dec 2006 08:04:55 -0000
Received: from E7d41.e.strato-dslnet.de (EHLO [0.1.0.4]) [194.97.125.65]
  by mail.gmx.net (mp001) with SMTP; 06 Dec 2006 09:04:55 +0100
X-Authenticated: #222744

i have always dynamic ip-addresses in the header, but here it is the first
received entry and if i use my mailserver it is the second or third entry.

most logins to the internet in germany have dynamic ip-addresses and this is
only an indication for spam, if this mail is not relayed by the mail-server for
the maildomain of the sender.

i know, that this is a problem, if all headers are ignored, which are before the
mailserver for the sender domain, somebody can insert some headers to disable
this checking. but all mails must be relayed by a mailserver and as example, no
mailserver from gmx.de sends mails to web.de through a mailserver of another
provider.

it is simple to check this, if i receive the mails with my own mailserver, i can
check the sender ip and if it is dynamic or not from a mailserver of the sender
domain, i can reject the mail, but i use fetchmail, to get the mails from my
provider and use spamassassin to check the mail before my local mailserver gets
the mail to send it to my local p.o. box.

this makes it difficult, to detect mailservers with dynamic ip-addresses. only if
one header has a dynamic ip-address and the following mail-server is not the
mailserver for the sender domain, it is possible, that the mail is spam.

i don't know the best method, to check for dynamic-mailserver-ip-addresses in
this situation, but the check which spamassassin makes, makes problems for this
configuration.

goodbye




sidney@sidney.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME




------- Additional Comments From sidney@sidney.com  2006-12-05 16:08 -------
The rule is doing exactly what it is supposed to do. It is not "detecting all
mails which have headers with private ip-addresses always as spam by default" as
you said. What it is doing is detecting all mails in which a dynamic ip address
is used as a mail server and giving it enough points that much of the mail from
that server will be scored as spam. Note that your mail was not only flagged for
using a dynamic ip address as a mailserver, but got another 1.5 points for being
flagged by that by SORBS.

The proper way to avoid the problem, both in SpamAssassin and in SORBS, is to
configure your server to relay your mail through your ISP's mail server as a
smarthost. Otherwise you are configuring your mail server to look like a spambot
and have to accept that your mail will look like spam.

Closing the bug as WORKSFORME



