Intermediate Relay checked against RBL

2008-11-20 Thread Oliver Welter

Hi All,

I am running SA 3.0 and ran into a severe problem today.

A friend sent an email from his laptop using a 3G/UMTS card with his
provider o2. This provider has all UMTS customers NAT'ed over one
external IP.
This IP seems to be blacklisted in SORBS, and so his mail got some extra
points for that, finally ending up with enough points to get rejected.
The second mailhub is used as smarthost by him.

Here are the relevant parts of the header, ** lines are commented by me:

**This is the mailqueue at the used smarthost, which was finally
contacting my SA**
Received: from localhost (client mail forwarder)
        by mailin.webmailer.de (bertie mi52) (RZmta 17.20)
        for <[EMAIL PROTECTED]>; Thu, 20 Nov 2008 08:11:02 +0100 (MET)
Received: from mo-p00-ob.rzone.de ([81.169.146.162])
        by mailin.webmailer.de (bertie mi52) (RZmta 17.20)
        with ESMTP id 600d75kAK75tjw ; Thu, 20 Nov 2008 08:11:02 +0100 (MET)
X-RZG-CLASS-ID: mo00
X-RZG-AUTH:
        :IW0WcEPmefOo1oTvT/A9Gk0ePD+NyzH8AfvKl6eUpPDUjpTpUFip9/ZlrxMveDA=
** This is the smarthost, the sender here with the 82.113.121.16 is the
NAT'ed UMTS notebook **
Message-ID: <[EMAIL PROTECTED]>
Received: from X300 (16.121.113.82.net.de.o2.com [82.113.121.16])
        by post.strato.de (mrclete mo11) (RZmta 17.20)
        with ESMTP id 000e52kAK6M4qz ; Thu, 20 Nov 2008 08:10:57 +0100 (MET)

Here is the SA Report for this message, the missing Subject is clearly a
user problem, but the rest is all caused by the described relaying.

  2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                             [Blocked - see ]
  1.1 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is a abuseable web server
                             [82.113.121.16 listed in dnsbl.sorbs.net]
  0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
  0.0 HTML_MESSAGE           BODY: HTML included in message
  1.4 SARE_GIF_ATTACH        FULL: Email has a inline gif
  1.3 MISSING_SUBJECT        Missing Subject: header
  0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS
  1.5 MSGID_FROM_MTA_HEADER  Message-Id was added by a relay

Anybody has an idea if this is intentional or a misconfiguration on my
site or whatever. Some subsequent tries show, that the problem is
reproducible.

any hints are welcome

Oliver
- --
Protect your environment -  close windows and adopt a penguin!
PGP-Key: 3B2C 8095 A7DF 8BB5 2CFF  8168 CAB7 B0DD 3985 1721
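
To see how the NAT address ends up in the RBL lookups, here is a simplified model of walking the Received chain, added as an illustration; it is not SpamAssassin's own code and not part of the post above. The function names and the `trusted` and `last_external_only` parameters are assumptions; the Received lines are the ones quoted in the post, joined onto single lines, and nothing is sent to DNS.

```python
import ipaddress
import re

# Received lines from the post above, one hop per string, newest hop first.
RECEIVED = [
    "from localhost (client mail forwarder) by mailin.webmailer.de "
    "(bertie mi52) (RZmta 17.20)",
    "from mo-p00-ob.rzone.de ([81.169.146.162]) by mailin.webmailer.de "
    "(bertie mi52) (RZmta 17.20) with ESMTP id 600d75kAK75tjw",
    "from X300 (16.121.113.82.net.de.o2.com [82.113.121.16]) by post.strato.de "
    "(mrclete mo11) (RZmta 17.20) with ESMTP id 000e52kAK6M4qz",
]

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(received_lines):
    """Return the connecting IPv4 address of each hop, newest hop first.

    Hops without a bracketed address (the localhost forwarder) are skipped.
    """
    ips = []
    for line in received_lines:
        from_part = line.split(" by ", 1)[0]  # only the "from ..." clause
        match = IP_IN_BRACKETS.search(from_part)
        if match:
            ips.append(ipaddress.ip_address(match.group(1)))
    return ips


def dnsbl_queries(received_lines, zone, trusted=(), last_external_only=False):
    """Build the DNSBL query names a filter would look up for this message.

    trusted: CIDR strings for relays we run or trust (assumed parameter).
    Hops are trusted only while the chain, read from our side, stays inside
    those networks; every hop behind the first untrusted one is untrusted.
    """
    nets = [ipaddress.ip_network(n) for n in trusted]
    hops = relay_ips(received_lines)
    while hops and any(hops[0] in net for net in nets):
        hops.pop(0)
    if last_external_only:
        hops = hops[:1]  # only the relay that handed the mail to us
    return [".".join(reversed(str(ip).split("."))) + "." + zone for ip in hops]


if __name__ == "__main__":
    for name in dnsbl_queries(RECEIVED, "dnsbl.sorbs.net"):
        print(name)
```

With no trusted networks and every untrusted hop checked, the list contains both the smarthost and the shared o2 NAT address, which is the situation the report shows.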


Re: hostkarma junkemailfilter

2008-11-20 Thread Kai Schaetzl
Micah Anderson wrote on  Thu, 20 Nov 2008 11:04:44 -0500:

> Where is this postfwd config you refer to?

I found it yesterday easily by just googling for, uh, "postfwd".

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





Re: hostkarma junkemailfilter

2008-11-20 Thread mouss
Micah Anderson wrote:
> "Benny Pedersen" <[EMAIL PROTECTED]> writes:
> 
>> On Tue, November 18, 2008 22:16, Henrik K wrote:
>>
>> postfwd and trusted_networks msa_networks is what i do use here, then minimal
>> dns lookups is needed also, facebook have random helo so need to be
>> whitelisted hard in postfwd and in spamassassin, i have contacted facebook
>> about it, but the problem might still be there
>>
>> i like your postfwd config
> 
> Where is this postfwd config you refer to? I would like to see this.
> 

he probably meant
http://hege.li/howto/spam/etc/postfwd/postfwd.conf



Re: hostkarma junkemailfilter

2008-11-20 Thread Micah Anderson
"Benny Pedersen" <[EMAIL PROTECTED]> writes:

> On Tue, November 18, 2008 22:16, Henrik K wrote:
>
> postfwd and trusted_networks msa_networks is what i do use here, then minimal
> dns lookups is needed also, facebook have random helo so need to be
> whitelisted hard in postfwd and in spamassassin, i have contacted facebook
> about it, but the problem might still be there
>
> i like your postfwd config

Where is this postfwd config you refer to? I would like to see this.

micah



Re: SA's marking off

2008-11-20 Thread Matus UHLAR - fantomas
On 20.11.08 07:01, Gene Heskett wrote:
> Most of my spam control is based on the number of stars in the X-Spam-Level 
> header line.
> 
> I have looked at 10_default_prefs.cf, and all the files in the .pre lineup, 
> and I can't find where that might be disabled.  It did work before I had a 
> drive failure last Friday & had to re-install.  SA is 3.2.5, install is FU 8, 
> August 2008 respin.
> 
> What should I grep for that is turning that off.  The line is inserted ok,
> but no stars are inserted.

turning what off?

If the stars, look at global config and user_prefs files, something adds
them to report.

However, stars only indicate the spamminess of mail, if your programs use
them, it's problem of their configuration, not SA business.

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759


SA's marking off

2008-11-20 Thread Gene Heskett
Greetings;

Most of my spam control is based on the number of stars in the X-Spam-Level 
header line.

I have looked at 10_default_prefs.cf, and all the files in the .pre lineup, 
and I can't find where that might be disabled.  It did work before I had a 
drive failure last Friday & had to re-install.  SA is 3.2.5, install is FU 8, 
August 2008 respin.

What should I grep for that is turning that off.  The line is inserted ok, but 
no stars are inserted.

Thanks.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Heisenberg may have been here.