http://bugzilla.spamassassin.org/show_bug.cgi?id=4576
------- Additional Comments From [EMAIL PROTECTED] 2005-09-09 10:17 ------- 'The don't look if there is just one hop, the just match the IP in the untrusted list.' Incorrect. They match only the *first* group of items in the untrusted list, using /^[^\]]+/. If there's >1 untrusted line, it'd match only the most recent. However, that's not the bug here. Instead, the bug is indeed a misparsing of the Received header line format... there is no numeric HELO in those lines, anyway! Here's debug output: [18063] dbg: received-header: parsed as [ ip=195.141.101.242 rdns=falafel.dataflow.ch helo=mail.dataflow.ch by=mx2.imp.ch ident= envfrom=xxx intl=0 id=j889KE9j063340 auth= ] [18063] dbg: received-header: relay 195.141.101.242 trusted? no internal? no [18063] dbg: received-header: parsed as [ ip=127.0.0.1 rdns=localhost helo=falafel.dataflow.ch by=falafel.dataflow.ch ident= envfrom= intl=0 id=CE7241CF1A2 auth= ] [18063] dbg: received-header: relay 127.0.0.1 trusted? no internal? no [18063] dbg: received-header: parsed as [ ip=213.165.64.20 rdns=mail.gmx.de helo=mail.gmx.net by=falafel.dataflow.ch ident= envfrom= intl=0 id=A2F591CF19D auth= ] [18063] dbg: received-header: relay 213.165.64.20 trusted? no internal? no [18063] dbg: received-header: parsed as [ ip=81.173.228.159 rdns= helo=15.254.203.62.cust.bluewin.ch by=hamburg134 ident= envfrom= intl=0 id= auth= ] note "helo=15.254.203.62.cust.bluewin.ch" in the last line -- that's incorrect. That's the bug. We need to add a pattern to Received.pm to correctly parse GMX Received lines for HELO. PS: btw, the most efficient way to report these cases is to open a bug with: - a sample message as attachment, with all headers - the user_prefs file with the trusted/internal_networks lines - debug output from "spamassassin -D -L -t < msg" the latter in particular has some key info that helps. PPS: it'd be nice if we could match up with the GMX SMTP AUTH signature, as we do for other common MTAs, but that "X-Authenticated" header looks very easily forgeable. :( ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
