https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6501
Summary: RCVD_IN_PBL wrongly catching IP addresses in
X-Originating-IP header
Product: Spamassassin
Version: 3.3.1
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Rules
AssignedTo: [email protected]
ReportedBy: [email protected]
The Spamhaus PBL is a list of IP addresses that shouldn't send unauthenticated
SMTP mail - such as DSL subscribers.
Webmail applications add the X-Originating-IP header with the IP address that a
webmail user is logged in from when sending mail.
Currently, if a webmail user sends a message through a host running
SpamAssassin, the RCVD_IN_PBL rule is triggered, upping the spam score.
According to the documentation, X-Originating-IP addresses "are virtually
appended into the Received: chain, so they are used in RBL checks where
appropriate", however I don't believe PBL lists are appropriate for this.
Example: These headers (sanitised for privacy) are from a message sent using a
Zimbra web client, from a user logged in from home, using an IP address his ISP
has listed in the Spamhaus PBL at http://www.spamhaus.org/pbl/query/PBL255647
(the whole subnet 122.57.0.0/16). Zimbra appends the X-Originating-IP header
(since switched off as a workaround).
Note that SpamAssassin used here is installed from CPAN on a host separate from
the Zimbra server, running with qmail.
==============================================================================
Received: from zcs.(mydomain) (192.168.1.x)
by mail.(mydomain) with SMTP; 17 Oct 2010 14:50:55 +1300
Received: from localhost (localhost [127.0.0.1])
by zcs.(mydomain) (Postfix) with ESMTP id C8FF63C321
for <bret@(recipientdomain)>; Sun, 17 Oct 2010 14:50:52 +1300 (NZDT)
Received: from zcs.(mydomain) ([127.0.0.1])
by localhost (zcs.(mydomain) [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id ouK02YHo0Yib for <bret@(recipientdomain)>;
Sun, 17 Oct 2010 14:50:51 +1300 (NZDT)
Received: from zcs.(mydomain) (zcs.(mydomain) [127.0.0.2])
by zcs.(mydomain) (Postfix) with ESMTP id 436C43C31E
for <bret@(recipientdomain)>; Sun, 17 Oct 2010 14:50:51 +1300 (NZDT)
Date: Sun, 17 Oct 2010 14:50:50 +1300 (NZDT)
From: Hamish (surname) <hamish@(senderdomain)>
To: Bret (surname) <bret@(recipientdomain)>
Message-ID: <29966613.45.1287280250401.javamail.r...@zcs>
In-Reply-To: <17276425.42.1287280152224.javamail.r...@zcs>
Subject: (subject line was here)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_44_23777274.1287280250388"
X-Originating-IP: [122.57.x.y]
X-Mailer: Zimbra 6.0.7_GA_2473.UBUNTU8 (ZimbraWebClient - IE8
(Win)/6.0.7_GA_2473.UBUNTU8)
==============================================================================
Spamassassin scores this message as follows (relevant lines only):
pts rule name description
---- ---------------------- --------------------------------------------------
3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[122.57.x.y listed in zen.spamhaus.org]
==============================================================================
Note that the originating IP address is not in any Received header.
I believe that scoring X-Originating-IP address in PBL (not RBL) checks is a
bug - it is scoring authenticated HTTP originated mail as if it were
unauthenticated SMTP mail.
Using "clear_originating_ip_headers" as a workaround seems to have no effect -
could be Bug 6500.
--
Configure bugmail:
https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
