https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6645
Bug #: 6645
Summary: Problem with detection of authenticated mails coming
from servers running qmail-scanner
Product: Spamassassin
Version: 3.3.2
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: Rules
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
A user using an IP-address being i.e. blacklisted on the zen.spamhaus.org-RBL
(in this example 188.45.128.1) sends a mail using an authenticated connection
(notice the expression "ESMTPA"). This server (firstmailserver.domain.local) is
running qmail-scanner which will forward the mail because the user was
authenticated and so spamassassin is bypassed on this server. Unfortunately
qmail-scanner inserts an own mail-header (line Received: from 188.45.128.1).
When the mail arrives at the target (which will see the appended mail) and the
target is running spamassassin (tested using 3.3.1 and 3.3.2), it doesn't
recognize that user1 was authenticated because of the line inserted by
qmail-scanner (deleting it for testing purposes will show that) and so it
checks the user's dial-up IP against the RBL and marks the mail as evil spam -
especially if the IP is on several RBLs which is not unusual nowadays. In this
case only one RCVD_IN_PBL is triggered, but I have seen other dial-up IPs
hitting several RBL-related scores causing spamassassin to create high spam
scores causing the mail to be rejected.
I'm unsure whether this is the fault of qmail-scanner (tested versions 2.05 and
2.08) (creating the line) or of spamassassin (not recognizing the line).
http://wiki.apache.org/spamassassin/DynablockIssues states that the devs should
be informed when spamassassin doesn't support the authentication method
(without telling how), so I submitted this report.
Return-Path: <[email protected]>
Received: from unknown (HELO firstmailserver.domain.local) (192.168.0.10)
by 0 with ESMTPS (DHE-RSA-AES256-SHA encrypted); 29 Apr 2011 18:34:01 -0000
Received: (qmail 19866 invoked by uid 210); 29 Apr 2011 18:23:54 -0000
Received: from 188.45.128.1 ([email protected]@188.45.128.1) by
firstmailserver (envelope-from <[email protected]>, uid 201) with
qmail-scanner-2.05st
(clamdscan: 0.97/13021. spamassassin: 3.3.1. perlscan: 2.05st.
Clear:RC:1(188.45.128.1):.
Processed in 0.013931 secs); 29 Apr 2011 18:23:54 -0000
Received: from unknown (HELO ?127.0.0.1?) ([email protected]@188.45.128.1)
by 0 with ESMTPA; 29 Apr 2011 18:23:53 -0000
Message-ID: <[email protected]>
Date: Fri, 29 Apr 2011 20:37:18 +0200
From: User1 <[email protected]>
To: [email protected]
Subject: Testmail
Test
--
Configure bugmail:
https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
