Posted to users@spamassassin.apache.org by Tom Fernandes <an...@gmx.net> on 2008/07/14 20:37:31 UTC
parsing original SMTP not working properly?
Hi,
I might have hit a bug in the way SA parses out the original SMTP host.
I sent an email from my mail client (to myself) through the SMTP server of
GMX. SA thinks the mail was sent directly from my computer (i.e. my
DSL router's IP) without using GMX's SMTP server.
SPF_FAIL, RCVD_IN_PBL RBL, RCVD_IN_XBL RBL, RCVD_IN_SORBS_DUL and RDNS_DYNAMIC
seem to think 85.55.41.198 was the SMTP server - which is wrong. 85.55.41.198
is the IP my dsl-router uses to connect to the Internet.
Am I understanding / have configured something wrong here or did I indeed hit a
bug? If so - shall I open a bug report, post this to the dev-list or how to
proceed?
Full headers:
Return-Path: <an...@gmx.net>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on momo.seclinet.org
X-Spam-Level: ****
X-Spam-Status: No, score=4.3 required=5.0
tests=AWL,BAYES_40,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_DYNAMIC,SPF_FAIL,TVD_SPACE_RATIO
autolearn=no
bayes=0.2760
language=
report:
* 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
* [85.55.41.198 listed in zen.spamhaus.org]
* 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
* 0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
* [85.55.41.198 listed in dnsbl.sorbs.net]
* 0.7 SPF_FAIL SPF: sender does not match SPF record (fail)
* [SPF failed: Please see
http://www.openspf.org/Why?s=mfrom&id=anyaddress%40gmx.net&ip=85.55.41.198&r=momo.seclinet.org]
* -0.2 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
* [score: 0.2760]
* 2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
* 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
* dynamic-looking rDNS
* -3.4 AWL AWL: From: address is in the auto white-list
X-Flags: 0000
Delivered-To: GMX delivery to seclinet@gmx.net
Received: by localhost (fdm 1.5, account "gmx");
Mon, 14 Jul 2008 01:04:12 +0200
Received: (qmail 6881 invoked by alias); 13 Jul 2008 22:29:06 -0000
Delivered-To: GMX delivery to anyaddress@gmx.net
Received: (qmail invoked by alias); 13 Jul 2008 22:29:06 -0000
Received: from 198.pool85-55-41.dynamic.orange.es (EHLO [192.168.0.25])
[85.55.41.198]
by mail.gmx.net (mp004) with SMTP; 14 Jul 2008 00:29:06 +0200
X-Authenticated: #8384405
X-Provags-ID: V01U2FsdGVkX1/KEJsVuZLKMG4BVaXLiJgyzPl76GsqwvYJeDn+q7
XuSbVqmMorwDIp
From: Tom Fernandes <an...@gmx.net>
To: Tom Fernandes <an...@gmx.net>
Subject: test-procmail
Date: Mon, 14 Jul 2008 00:29:04 +0200
User-Agent: KMail/1.9.9
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <20...@gmx.net>
X-FuHaFi: 0.00
X-GMX-Antivirus: 0 (no virus found)
X-GMX-Antispam: -2 (not scanned, spam filter disabled)
X-Resent-By: Forwarder <fo...@gmx.net>
X-Resent-For: anyaddress@gmx.net
X-Resent-To: seclinet@gmx.net
X-GMX-UID: /PQbLLcNa0AodebBJTAzUog3Njh6dE7a
X-Length: 2321
X-UID: 1521
thanks,
Tom
Re: parsing original SMTP not working properly?
Posted by Tom Fernandes <an...@gmx.net>.
Hi,
On Tuesday, 15. July 2008, mouss wrote:
> Tom Fernandes wrote:
> > [snip]
> > Not sure if I get you right. The way of the mail is the following:
> >
> > MUA (kmail) -> GMX's SMTP Server -> GMX forwards it from
> > anyaddress@gmx.net to seclinet@gmx.net (I have set it like this in my
> > account preferences at GMX) -> fdm (which is similar to fetchmail)
> > fetches the mail via pop3 -> procmail (gets fed by fdm) -> spamassassin
> > (called from procmail as first rule).
> >
> > But to answer your question:
> >
> > Received: by localhost (fdm 1.5, account "gmx");
> > Mon, 14 Jul 2008 01:04:12 +0200
> >
> > is the header you are asking for - if I understood you correctly.
>
> I guess that's the problem. I don't think SA handles fdm.
Bug filed:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5941
Let's see...
thanks for your comments,
Tom
Re: parsing original SMTP not working properly?
Posted by mouss <mo...@netoyen.net>.
Michelle Konzack wrote:
> Hello Tom,
>
> Am 2008-07-15 00:09:33, schrieb Tom Fernandes:
>> But to answer your question:
>>
>> Received: by localhost (fdm 1.5, account "gmx");
>> Mon, 14 Jul 2008 01:04:12 +0200
>>
>> is the header you are asking for - if I understood you correctly.
>
> With fetchmail it is the same problem...
ahuh? I use fetchmail and I don't see this problem.
>
> Why do you not set a "silent" mode like in fetchmail, so "fdm" does not
> insert this "Received:" header?
doesn't solve the problem. he needs to _add_ a header so that SA doesn't
consider his ISP as his own MTA.
Re: parsing original SMTP not working properly?
Posted by Michelle Konzack <li...@tamay-dogan.net>.
Hello Tom,
Am 2008-07-15 00:09:33, schrieb Tom Fernandes:
> But to answer your question:
>
> Received: by localhost (fdm 1.5, account "gmx");
> Mon, 14 Jul 2008 01:04:12 +0200
>
> is the header you are asking for - if I understood you correctly.
With fetchmail it is the same problem...
Why do you not set a "silent" mode like in fetchmail, so "fdm" does not
insert this "Received:" header?
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
Re: parsing original SMTP not working properly?
Posted by mouss <mo...@netoyen.net>.
Tom Fernandes wrote:
> [snip]
> Not sure if I get you right. The way of the mail is the following:
>
> MUA (kmail) -> GMX's SMTP Server -> GMX forwards it from anyaddress@gmx.net to
> seclinet@gmx.net (I have set it like this in my account preferences at
> GMX) -> fdm (which is similar to fetchmail) fetches the mail via pop3 ->
> procmail (gets fed by fdm) -> spamassassin (called from procmail as first
> rule).
>
> But to answer your question:
>
> Received: by localhost (fdm 1.5, account "gmx");
> Mon, 14 Jul 2008 01:04:12 +0200
>
> is the header you are asking for - if I understood you correctly.
>
I guess that's the problem. I don't think SA handles fdm.
Re: parsing original SMTP not working properly?
Posted by Tom Fernandes <an...@gmx.net>.
Hi,
On Monday, 14. July 2008, mouss wrote:
> Tom Fernandes wrote:
> > Hi,
> >
> > I might have hit a bug in the way SA parses out the original SMTP
> > host. I sent an email from my mail client (to myself) through the SMTP
> > server of GMX. SA thinks the mail was sent directly from my computer
> > (i.e. my DSL router's IP) without using GMX's SMTP server.
> >
> > SPF_FAIL, RCVD_IN_PBL RBL, RCVD_IN_XBL RBL, RCVD_IN_SORBS_DUL and
> > RDNS_DYNAMIC seem to think 85.55.41.198 was the SMTP server - which is
> > wrong. 85.55.41.198 is the IP my dsl-router uses to connect to the
> > Internet.
> >
> > Am I understanding / have configured something wrong here or did I indeed
> > hit a bug? If so - shall I open a bug report, post this to the dev-list or
> > how to proceed?
> >
> >
> >
> > Full headers:
> >
> > Return-Path: <an...@gmx.net>
> > X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
> > momo.seclinet.org X-Spam-Level: ****
> > X-Spam-Status: No, score=4.3 required=5.0
> > tests=AWL,BAYES_40,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_DYNAMIC
> >,SPF_FAIL,TVD_SPACE_RATIO autolearn=no
> > bayes=0.2760
> > language=
> > report:
> > * 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
> > * [85.55.41.198 listed in zen.spamhaus.org]
> > * 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
> > * 0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic
> > IP address
> > * [85.55.41.198 listed in dnsbl.sorbs.net]
> > * 0.7 SPF_FAIL SPF: sender does not match SPF record (fail)
> > * [SPF failed: Please see
> > http://www.openspf.org/Why?s=mfrom&id=anyaddress%40gmx.net&ip=85.55.41.19
> >8&r=momo.seclinet.org] * -0.2 BAYES_40 BODY: Bayesian spam probability is
> > 20 to 40% * [score: 0.2760]
> > * 2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
> > * 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
> > * dynamic-looking rDNS
> > * -3.4 AWL AWL: From: address is in the auto white-list
> > X-Flags: 0000
> > Delivered-To: GMX delivery to seclinet@gmx.net
> > Received: by localhost (fdm 1.5, account "gmx");
> > Mon, 14 Jul 2008 01:04:12 +0200
> > Received: (qmail 6881 invoked by alias); 13 Jul 2008 22:29:06 -0000
> > Delivered-To: GMX delivery to anyaddress@gmx.net
> > Received: (qmail invoked by alias); 13 Jul 2008 22:29:06 -0000
> > Received: from 198.pool85-55-41.dynamic.orange.es (EHLO [192.168.0.25])
> > [85.55.41.198]
> > by mail.gmx.net (mp004) with SMTP; 14 Jul 2008 00:29:06 +0200
>
> so mail is received by mail.gmx.net, then by localhost. SA cannot guess
> that it is not running on mail.gmx.net ;-p)
>
> where is the Received header that shows that the message moved from gmx
> to your mail server?
Not sure if I get you right. The way of the mail is the following:
MUA (kmail) -> GMX's SMTP Server -> GMX forwards it from anyaddress@gmx.net to
seclinet@gmx.net (I have set it like this in my account preferences at
GMX) -> fdm (which is similar to fetchmail) fetches the mail via pop3 ->
procmail (gets fed by fdm) -> spamassassin (called from procmail as first
rule).
But to answer your question:
Received: by localhost (fdm 1.5, account "gmx");
Mon, 14 Jul 2008 01:04:12 +0200
is the header you are asking for - if I understood you correctly.
Tom
Re: parsing original SMTP not working properly?
Posted by mouss <mo...@netoyen.net>.
Tom Fernandes wrote:
> Hi,
>
> I might have hit a bug in the way SA parses out the original SMTP host.
> I sent an email from my mail client (to myself) through the SMTP server of
> GMX. SA thinks the mail was sent directly from my computer (i.e. my
> DSL router's IP) without using GMX's SMTP server.
>
> SPF_FAIL, RCVD_IN_PBL RBL, RCVD_IN_XBL RBL, RCVD_IN_SORBS_DUL and RDNS_DYNAMIC
> seem to think 85.55.41.198 was the SMTP server - which is wrong. 85.55.41.198
> is the IP my dsl-router uses to connect to the Internet.
>
> Am I understanding / have configured something wrong here or did I indeed hit a
> bug? If so - shall I open a bug report, post this to the dev-list or how to
> proceed?
>
>
>
> Full headers:
>
> Return-Path: <an...@gmx.net>
> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on momo.seclinet.org
> X-Spam-Level: ****
> X-Spam-Status: No, score=4.3 required=5.0
> tests=AWL,BAYES_40,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_DYNAMIC,SPF_FAIL,TVD_SPACE_RATIO
> autolearn=no
> bayes=0.2760
> language=
> report:
> * 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
> * [85.55.41.198 listed in zen.spamhaus.org]
> * 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
> * 0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
> address
> * [85.55.41.198 listed in dnsbl.sorbs.net]
> * 0.7 SPF_FAIL SPF: sender does not match SPF record (fail)
> * [SPF failed: Please see
> http://www.openspf.org/Why?s=mfrom&id=anyaddress%40gmx.net&ip=85.55.41.198&r=momo.seclinet.org]
> * -0.2 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
> * [score: 0.2760]
> * 2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
> * 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
> * dynamic-looking rDNS
> * -3.4 AWL AWL: From: address is in the auto white-list
> X-Flags: 0000
> Delivered-To: GMX delivery to seclinet@gmx.net
> Received: by localhost (fdm 1.5, account "gmx");
> Mon, 14 Jul 2008 01:04:12 +0200
> Received: (qmail 6881 invoked by alias); 13 Jul 2008 22:29:06 -0000
> Delivered-To: GMX delivery to anyaddress@gmx.net
> Received: (qmail invoked by alias); 13 Jul 2008 22:29:06 -0000
> Received: from 198.pool85-55-41.dynamic.orange.es (EHLO [192.168.0.25])
> [85.55.41.198]
> by mail.gmx.net (mp004) with SMTP; 14 Jul 2008 00:29:06 +0200
>
so mail is received by mail.gmx.net, then by localhost. SA cannot guess
that it is not running on mail.gmx.net ;-p)
where is the Received header that shows that the message moved from gmx
to your mail server?
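
A simplified model of the trust-boundary walk mouss describes in his two replies (the chain stops at mail.gmx.net, so a header for the fetch hop has to be added), given here as an added example; it is not SpamAssassin's parser and not code from the thread. The `FETCH_HOP` header, its host name and the 192.0.2.25 address are constructed placeholders, and treating only RFC 1918 and loopback addresses as trusted by default is an assumption of the model.

```python
import ipaddress
import re

# Received values from the original post, newest first, folds joined.
THREAD_HEADERS = [
    'by localhost (fdm 1.5, account "gmx"); Mon, 14 Jul 2008 01:04:12 +0200',
    '(qmail 6881 invoked by alias); 13 Jul 2008 22:29:06 -0000',
    '(qmail invoked by alias); 13 Jul 2008 22:29:06 -0000',
    'from 198.pool85-55-41.dynamic.orange.es (EHLO [192.168.0.25]) '
    '[85.55.41.198] by mail.gmx.net (mp004) with SMTP; '
    '14 Jul 2008 00:29:06 +0200',
]

# Constructed header, not from the thread: a fetch hop that names the POP3
# server. Host name and 192.0.2.25 are placeholders, not GMX values.
FETCH_HOP = ('from pop.example.net [192.0.2.25] by localhost with POP3; '
             'Mon, 14 Jul 2008 01:04:12 +0200')

# Model assumption: only RFC 1918 and loopback count as "ours" by default.
DEFAULT_TRUSTED = ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16',
                   '127.0.0.0/8')

HOP_RE = re.compile(r'^from\s+(?P<clause>.*?)\s+by\s+(?P<by>\S+)', re.S)
IP_RE = re.compile(r'\[(\d{1,3}(?:\.\d{1,3}){3})\]')

def parse_hop(value):
    """Return (connecting_ip, receiving_host), or None without 'from [ip]'."""
    m = HOP_RE.match(value.strip())
    ips = IP_RE.findall(m.group('clause')) if m else []
    if not ips:
        return None
    # In the GMX header the EHLO literal comes first; the peer IP is last.
    return ipaddress.ip_address(ips[-1]), m.group('by')

def last_external(headers, trusted=()):
    """Walk newest to oldest; return the first hop handed over by an
    untrusted IP as (ip, receiving_host), or None if there is none."""
    nets = [ipaddress.ip_network(n) for n in DEFAULT_TRUSTED + tuple(trusted)]
    for value in headers:
        hop = parse_hop(value)
        if hop is None:
            continue  # fdm and qmail lines carry no connecting IP
        ip, by = hop
        if not any(ip in net for net in nets):
            return str(ip), by
    return None

if __name__ == '__main__':
    print(last_external(THREAD_HEADERS))                # boundary at mail.gmx.net
    print(last_external([FETCH_HOP] + THREAD_HEADERS))  # boundary at localhost
```

Listing the fetch hop's address in `trusted` moves the boundary back to 85.55.41.198 in this model, so the added header only helps while the provider's server stays outside the trusted set.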