https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6403

           Summary: RCVD_IN_PBL matches legitimate GMail mails sent
                    through SMTP (not web)
           Product: Spamassassin
           Version: 3.3.1
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Rules
        AssignedTo: [email protected]
        ReportedBy: [email protected]


Hello,

we have several false positives that are mainly triggered by RCVD_IN_PBL. The
problem appears to be that the rule also matches the last "Received:" line,
which in some cases contains the end-user sender IP (e.g. home DSL
connection). Those IPs are present in PBL by definition, and obviously there is
nothing wrong with them.

For instance:

Received: from Home (host167-186-dynamic.22-79-r.retail.telecomitalia.it
[79.22.186.167])
        by mx.google.com with ESMTPS id 2sm12491398fks.42.2010.04.07.09.05.26
        (version=SSLv3 cipher=RC4-MD5);
        Wed, 07 Apr 2010 09:05:27 -0700 (PDT)

This mail is from a legitimate user using his @gmail.com through the
authenticated SMTP interface Google offers. The string "with ESMTPS" obviously
means that the user has authenticated with Google. But SA will still look up
the end-user IP in the PBL:

*  3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
    *      [79.22.186.167 listed in zen.spamhaus.org]

Notice that the Received header above is the ONLY place in the whole e-mail
where the IP address appears. I can provide full headers on request.

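The lookup described in the report, as an added example that is not part of the original bug report or of SpamAssassin's code: it unfolds the quoted Received header, extracts the client IP and the "with" protocol keyword, and builds the name a zen.spamhaus.org query would resolve. The function names are hypothetical, no DNS query is made, and the keyword meanings follow RFC 3848 (ESMTPS records STARTTLS; ESMTPA and ESMTPSA record SMTP AUTH).

```python
import ipaddress
import re

# The Received header quoted in the report (folding whitespace restored).
SAMPLE = (
    "Received: from Home (host167-186-dynamic.22-79-r.retail.telecomitalia.it\n"
    " [79.22.186.167])\n"
    "        by mx.google.com with ESMTPS id 2sm12491398fks.42.2010.04.07.09.05.26\n"
    "        (version=SSLv3 cipher=RC4-MD5);\n"
    "        Wed, 07 Apr 2010 09:05:27 -0700 (PDT)\n"
)

# RFC 3848 "with" keywords -> (TLS used, SMTP AUTH used).
WITH_KEYWORDS = {
    "SMTP": (False, False), "ESMTP": (False, False),
    "ESMTPA": (False, True), "ESMTPS": (True, False),
    "ESMTPSA": (True, True),
}
# A records from zen.spamhaus.org that denote a PBL listing.
PBL_ANSWERS = {"127.0.0.10", "127.0.0.11"}


def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Reverse the address (octets for IPv4, nibbles for IPv6) under the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def is_pbl_answer(a_record):
    """True if a zen answer is one of the PBL return codes."""
    return a_record in PBL_ANSWERS


def describe_hop(header):
    """Parse one Received header into the fields a DNSBL check depends on."""
    value = re.sub(r"\r?\n[ \t]+", " ", header.strip()).split(":", 1)[1]
    ip = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", value)
    by = re.search(r"\bby\s+(\S+)", value)
    proto = re.search(r"\bwith\s+(\S+)", value)
    keyword = proto.group(1).upper() if proto else None
    tls, auth = WITH_KEYWORDS.get(keyword, (None, None))  # None = unknown keyword
    client_ip = str(ipaddress.ip_address(ip.group(1))) if ip else None
    return {"client_ip": client_ip, "by": by.group(1) if by else None,
            "with": keyword, "tls": tls, "auth": auth,
            "query": dnsbl_query_name(client_ip) if client_ip else None}


if __name__ == "__main__":
    print(describe_hop(SAMPLE))
```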