Posted to users@spamassassin.apache.org by Alex <my...@gmail.com> on 2010/08/11 16:58:47 UTC
DNS_FROM_OPENWHOIS always triggers
Hi,
How does DNS_FROM_OPENWHOIS work? I have a system where every message
triggers on DNS_FROM_OPENWHOIS and I can't figure out why.
I had some problems with the headers being mangled, but I was pretty
sure that was fixed. Could this be a postfix or amavisd configuration?
I did notice this one header discrepancy:
Received: by mail.mydomain.net (Postfix, from userid 78)
What's with the "Postfix, from user 78)"? This should be the server's
IP address, no?
Thanks,
Alex
Re: DNS_FROM_OPENWHOIS always triggers
Posted by Noel Jones <no...@gmail.com>.
On Wed, Aug 11, 2010 at 9:58 AM, Alex <my...@gmail.com> wrote:
...
> I did notice this one header discrepancy:
>
> Received: by mail.mydomain.net (Postfix, from userid 78)
>
> What's with the "Postfix, from user 78)"? This should be the server's
> IP address, no?
That header is normal when you're using a "simple" content_filter that
reinjects mail back to postfix using the sendmail(1) command rather than SMTP.
Your content_filter script is running as userid 78.
-- Noel Jones
Re: DNS_FROM_OPENWHOIS always triggers
Posted by Alex <my...@gmail.com>.
Hi,
>> > Forgot to mention: After running sa-update WRT 3.2.
>>
>> Great, thanks so much.
>
> Well, you *did* run sa-update since then, no? I mean, at the very least
> early this year. Begs the question, why you still do have that rule.
It's another system that I just adopted, and haven't finished
thoroughly going through it. I know it's v3.2.5, but will now have to
make sure it's being updated regularly.
Thanks,
Alex
Re: DNS_FROM_OPENWHOIS always triggers
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Wed, 2010-08-11 at 11:51 -0400, Alex wrote:
> > > Bug 6157 [1], remove open-whois.org rules since domain is cybersquatted.
> > >
> > > The rule has been removed a *year* ago, and is neither part of 3.3, nor
> > > 3.2 stock rules.
> >
> > Forgot to mention: After running sa-update WRT 3.2.
>
> Great, thanks so much.
Well, you *did* run sa-update since then, no? I mean, at the very least
early this year. Begs the question, why you still do have that rule.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: DNS_FROM_OPENWHOIS always triggers
Posted by Alex <my...@gmail.com>.
>> Bug 6157 [1], remove open-whois.org rules since domain is cybersquatted.
>>
>> The rule has been removed a *year* ago, and is neither part of 3.3, nor
>> 3.2 stock rules.
>
> Forgot to mention: After running sa-update WRT 3.2.
Great, thanks so much.
Best,
Alex
Re: DNS_FROM_OPENWHOIS always triggers
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Wed, 2010-08-11 at 17:24 +0200, Karsten Bräckelmann wrote:
> On Wed, 2010-08-11 at 10:58 -0400, Alex wrote:
> > How does DNS_FROM_OPENWHOIS work? I have a system where every message
> > triggers on DNS_FROM_OPENWHOIS and I can't figure out why.
>
> Bug 6157 [1], remove open-whois.org rules since domain is cybersquatted.
>
> The rule has been removed a *year* ago, and is neither part of 3.3, nor
> 3.2 stock rules.
Forgot to mention: After running sa-update WRT 3.2.
> [1] https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6157
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: DNS_FROM_OPENWHOIS always triggers
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Wed, 2010-08-11 at 10:58 -0400, Alex wrote:
> How does DNS_FROM_OPENWHOIS work? I have a system where every message
> triggers on DNS_FROM_OPENWHOIS and I can't figure out why.
Bug 6157 [1], remove open-whois.org rules since domain is cybersquatted.
The rule has been removed a *year* ago, and is neither part of 3.3, nor
3.2 stock rules.
[1] https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6157
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
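A local check for the situation in this thread, where a DNSBL rule for a withdrawn zone is still present and enabled in an old rule set. This is an added example, not part of the original posts or of SpamAssassin itself: `audit_rules`, `RETIRED_ZONES` and the sample rule text are constructed for illustration, and the sample lines are an assumed shape of such rules, not copied from a real install.

```python
import re

# Zones whose DNSBL rules were withdrawn upstream; open-whois.org is from the thread.
RETIRED_ZONES = {"open-whois.org"}

# Constructed sample of a stale local rule set (assumed shape, not a real install).
SAMPLE_CF = """\
header   DNS_FROM_OPENWHOIS  eval:check_rbl_envfrom('openwhois', 'bl.open-whois.org.')
describe DNS_FROM_OPENWHOIS  Envelope sender listed in bl.open-whois.org
tflags   DNS_FROM_OPENWHOIS  net
header   RCVD_IN_EXAMPLE     eval:check_rbl('example', 'dnsbl.example.net.')
score    RCVD_IN_EXAMPLE     0
"""

# check_rbl_sub is left out on purpose: its second argument is a sub-test, not a zone.
RBL_RULE = re.compile(
    r"""^\s*header\s+(\S+)\s+eval:check_rbl(?:_envfrom|_txt|_from_host)?\(
        \s*['"][^'"]*['"]\s*,\s*['"]([^'"]+)['"]""", re.X)
SCORE = re.compile(r"^\s*score\s+(\S+)\s+(.+)$")

def audit_rules(cf_text, retired=RETIRED_ZONES):
    """Return {rule: zone} for enabled DNSBL rules that query a retired zone."""
    zones, disabled = {}, set()
    for raw in cf_text.splitlines():
        line = raw.split("#", 1)[0]          # drop trailing comments
        m = RBL_RULE.match(line)
        if m:
            zones[m.group(1)] = m.group(2).rstrip(".").lower()
            continue
        m = SCORE.match(line)
        if not m:
            continue
        try:
            vals = [float(v) for v in m.group(2).split()]
        except ValueError:                   # relative scores etc.: leave state alone
            continue
        # A rule scored 0 (one value or all four) is never evaluated.
        if vals and all(v == 0 for v in vals):
            disabled.add(m.group(1))
        else:
            disabled.discard(m.group(1))     # a later non-zero score re-enables it
    return {rule: zone for rule, zone in zones.items()
            if rule not in disabled
            and any(zone == d or zone.endswith("." + d) for d in retired)}

if __name__ == "__main__":
    for rule, zone in audit_rules(SAMPLE_CF).items():
        print(f"{rule}: still queries retired zone {zone}")
```

On a system that cannot be updated right away, a `score DNS_FROM_OPENWHOIS 0` line in the local configuration makes the audit come back empty for that rule.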