Re: [Possible SPAM] trustedrelays

2007-04-25 Thread Daryl C. W. O'Shea

Chris wrote:

> [2474] dbg: metadata: X-Spam-Relays-Trusted: [ ip=127.0.0.1
> rdns=localhost.localdomain helo=localhost by=mailrelay.embarq.synacor.com
> ident= envfrom= intl=1 id=8B8062336D7 auth= ] [ ip=127.0.0.1 rdns=
> helo=mailrelay.embarq.synacor.com by=localhost ident= envfrom= intl=1
> id=jfvuG0A1xsHa auth= ]
>
> [2474] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=71.48.168.13
> rdns=tx-71-48-168-13.dhcp.embarqhsd.net helo=!192.168.2.2!
> by=mailrelay.embarq.synacor.com ident= envfrom= intl=0 id=228272334BD auth= ]
>
> I read what it says, but I guess I don't understand. I see that 127.0.0.1 is
> trusted and from what the wiki says, that's a given. I read this as my ip
> being untrusted, is that correct? If that's the case would the only trusted
> relays be 127.0.0.1? What about the trusted_networks entry? I'm unsure on
> that also. This is my current trusted_networks line:
>
> trusted_networks 127/8 192.168/16 207.217.121/24 209.86.93/24 208.47.184/24


Assuming that 71.48.168.13 is your IP, yeah, it's not trusted, nor 
should it be given that it's not in your trusted_networks config.  That 
leaves 127.0.0.1 being trusted.  208.47.184.129 is ignored since header 
parsing restarts after it finds a fetchmail marker.


I'm not sure what about the trusted_networks entry you want to know. 
Actually I'm not sure what at all you want to know.



Daryl


[Possible SPAM] Re: [Possible SPAM] trustedrelays

2007-04-25 Thread Chris
On Wednesday 25 April 2007 4:34 pm, Daryl C. W. O'Shea wrote:
> Chris wrote:
> > [2474] dbg: metadata: X-Spam-Relays-Trusted: [ ip=127.0.0.1
> > rdns=localhost.localdomain helo=localhost by=mailrelay.embarq.synacor.com
> > ident= envfrom= intl=1 id=8B8062336D7 auth= ] [ ip=127.0.0.1 rdns=
> > helo=mailrelay.embarq.synacor.com by=localhost ident= envfrom= intl=1
> > id=jfvuG0A1xsHa auth= ]
> >
> > [2474] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=71.48.168.13
> > rdns=tx-71-48-168-13.dhcp.embarqhsd.net helo=!192.168.2.2!
> > by=mailrelay.embarq.synacor.com ident= envfrom= intl=0 id=228272334BD
> > auth= ]
> >
> > I read what it says, but I guess I don't understand. I see that 127.0.0.1
> > is trusted and from what the wiki says, that's a given. I read this as my
> > ip being untrusted, is that correct? If that's the case would the only
> > trusted relays be 127.0.0.1? What about the trusted_networks entry? I'm
> > unsure on that also. This is my current trusted_networks line:
> >
> > trusted_networks 127/8 192.168/16 207.217.121/24 209.86.93/24
> > 208.47.184/24
>
> Assuming that 71.48.168.13 is your IP, yeah, it's not trusted, nor
> should it be given that it's not in your trusted_networks config.  That
> leaves 127.0.0.1 being trusted.  208.47.184.129 is ignored since header
> parsing restarts after it finds a fetchmail marker.
>
> I'm not sure what about the trusted_networks entry you want to know.
> Actually I'm not sure what at all you want to know.

What I'm trying to figure out, Daryl, is what would be added to my
trusted_networks config line to reflect embarq and/or synacor. Previously
this is all I had on that line, 127/8 192.168/16 207.217.121/24 209.86.93/24.
Since I'm now 'in between' hosts, meaning that El is forwarding mail until 31
Oct and I've changed some lists over to the new address. What, if anything,
should be added to this line to reflect that change?


-- 
Chris
KeyID 0xE372A7DA98E6705C




Re: [Possible SPAM] Re: [Possible SPAM] trustedrelays

2007-04-25 Thread Daryl C. W. O'Shea

Chris wrote:

> What I'm trying to figure out, Daryl, is what would be added to my
> trusted_networks config line to reflect embarq and/or synacor. Previously
> this is all I had on that line, 127/8 192.168/16 207.217.121/24 209.86.93/24.
> Since I'm now 'in between' hosts, meaning that El is forwarding mail until 31
> Oct and I've changed some lists over to the new address. What, if anything,
> should be added to this line to reflect that change?


You'd have to look at the headers of a (number of) message(s) sent from 
domains external to embarq to determine what networks are involved in 
embarq's mail network.


At a minimum it's going to involve 208.47.184.2.  Your previously noted 
usage of 208.47.184/24 may cover everything, or it may not.  You'll have 
to look at the headers of external mail to find out.



Daryl
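
An added sketch (not part of the thread, and not SpamAssassin's own code) of the check described in the reply above: take the relay entries from the `spamassassin -D` output and see which relay IPs the current trusted_networks line covers. The function names are invented for this example, the sample data is copied from the messages in this thread, and the handling of the shorthand network notation is a simplified assumption.

```python
import ipaddress
import re

# Copied from the thread: the config line and the relay metadata from the debug run.
CONFIG = "trusted_networks 127/8 192.168/16 207.217.121/24 209.86.93/24 208.47.184/24"
RELAYS = (
    "[ ip=127.0.0.1 rdns=localhost.localdomain helo=localhost "
    "by=mailrelay.embarq.synacor.com ident= envfrom= intl=1 id=8B8062336D7 auth= ] "
    "[ ip=127.0.0.1 rdns= helo=mailrelay.embarq.synacor.com by=localhost "
    "ident= envfrom= intl=1 id=jfvuG0A1xsHa auth= ] "
    "[ ip=71.48.168.13 rdns=tx-71-48-168-13.dhcp.embarqhsd.net helo=!192.168.2.2! "
    "by=mailrelay.embarq.synacor.com ident= envfrom= intl=0 id=228272334BD auth= ]"
)

def expand_net(spec):
    """Expand shorthand such as '192.168/16' into an ip_network (simplified)."""
    addr, _, mask = spec.partition("/")
    octets = [o for o in addr.split(".") if o]
    if not mask:                      # assumption: infer the mask from the octet count
        mask = str(8 * len(octets))
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + mask, strict=False)

def parse_trusted_networks(line):
    """Turn a 'trusted_networks ...' line into a list of networks."""
    keyword, *specs = line.split()
    if keyword != "trusted_networks":
        raise ValueError("not a trusted_networks line")
    return [expand_net(s) for s in specs]

def parse_relays(text):
    """Parse '[ ip=... rdns=... by=... ]' relay blocks into dicts."""
    relays = []
    for block in re.findall(r"\[\s*(.*?)\s*\]", text, re.S):
        relays.append(dict(tok.partition("=")[::2] for tok in block.split()))
    return relays

def covering_network(ip, networks):
    """Return the first configured network containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((n for n in networks if addr in n), None)

def coverage(relay_text, config_line):
    """List (relay ip, receiving host, covering network or None) per relay."""
    nets = parse_trusted_networks(config_line)
    return [(r["ip"], r["by"], covering_network(r["ip"], nets))
            for r in parse_relays(relay_text)]

if __name__ == "__main__":
    for ip, by, net in coverage(RELAYS, CONFIG):
        print(f"{ip:15} by={by:30} covered by: {net or 'nothing (untrusted)'}")
    for ip in ("208.47.184.2", "208.47.184.129"):  # addresses named in the replies
        print(ip, "covered by:", covering_network(ip, parse_trusted_networks(CONFIG)))
```

Feeding it the relay lines from several messages that originate outside embarq shows whether any relay address falls outside the networks already listed.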


[Possible SPAM] trustedrelays

2007-04-24 Thread Chris
I'm 'trying' to get things back to normal after the switch from earthlink to 
my dsl provider, embarq. I'm reading the wiki page regarding this and ran 
spamassassin -D -t on a test message I had sent to myself. I'm confused about 
the results below:

[2474] dbg: received-header: parsed as [ ip=127.0.0.1 
rdns=localhost.localdomain helo=localhost by=mailrelay.embarq.synacor.com 
ident= envfrom= intl=0 id=8B8062336D7 auth= ]

[2474] dbg: received-header: relay 127.0.0.1 trusted? yes internal? yes

[2474] dbg: dns: IP is private, not looking up PTR: 127.0.0.1

[2474] dbg: received-header: parsed as [ ip=127.0.0.1 rdns= 
helo=mailrelay.embarq.synacor.com by=localhost ident= envfrom= intl=0 
id=jfvuG0A1xsHa auth= ]

[2474] dbg: received-header: relay 127.0.0.1 trusted? yes internal? yes

[2474] dbg: received-header: parsed as [ ip=71.48.168.13 
rdns=tx-71-48-168-13.dhcp.embarqhsd.net helo=!192.168.2.2! 
by=mailrelay.embarq.synacor.com ident= envfrom= intl=0 id=228272334BD auth= ]

[2474] dbg: received-header: relay 71.48.168.13 trusted? no internal? no

[2474] dbg: metadata: X-Spam-Relays-Trusted: [ ip=127.0.0.1 
rdns=localhost.localdomain helo=localhost by=mailrelay.embarq.synacor.com 
ident= envfrom= intl=1 id=8B8062336D7 auth= ] [ ip=127.0.0.1 rdns= 
helo=mailrelay.embarq.synacor.com by=localhost ident= envfrom= intl=1 
id=jfvuG0A1xsHa auth= ]

[2474] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=71.48.168.13 
rdns=tx-71-48-168-13.dhcp.embarqhsd.net helo=!192.168.2.2! 
by=mailrelay.embarq.synacor.com ident= envfrom= intl=0 id=228272334BD auth= ]

[2474] dbg: metadata: X-Spam-Relays-Internal: [ ip=127.0.0.1 
rdns=localhost.localdomain helo=localhost by=mailrelay.embarq.synacor.com 
ident= envfrom= intl=1 id=8B8062336D7 auth= ] [ ip=127.0.0.1 rdns= 
helo=mailrelay.embarq.synacor.com by=localhost ident= envfrom= intl=1 
id=jfvuG0A1xsHa auth= ]

[2474] dbg: metadata: X-Spam-Relays-External: [ ip=71.48.168.13 
rdns=tx-71-48-168-13.dhcp.embarqhsd.net helo=!192.168.2.2! 
by=mailrelay.embarq.synacor.com ident= envfrom= intl=0 id=228272334BD auth= ]

I read what it says, but I guess I don't understand. I see that 127.0.0.1 is 
trusted and from what the wiki says, that's a given. I read this as my ip 
being untrusted, is that correct? If that's the case would the only trusted 
relays be 127.0.0.1? What about the trusted_networks entry? I'm unsure on 
that also. This is my current trusted_networks line:

trusted_networks 127/8 192.168/16 207.217.121/24 209.86.93/24 208.47.184/24

I had to leave earthlink in there as they are forwarding mail to my embarq 
address through 31 Oct. I 'think' I have the last entry correct for embarq, 
but not sure.  The actual message headers are below, I did make one change 
and that was in the botnet setup which dropped the SA markup.

X-Spam-Virus: No
 X-Spam-Seen: Tokens 80
 X-Spam-New: Tokens 122
 X-Spam-ASN: 
 X-Spam-Remote: Host localhost.localdomain
 X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on 
cpollock.localdomain
 X-Spam-Status: No, score=4.0 required=5.0 tests=AWL=0.955,BAYES_00=-6.4,
BOTNET=5,RCVD_IN_NJABL_DUL=1.946,RCVD_IN_PBL=0.001,RCVD_IN_SORBS_DUL=2.046,
RM_t_bobbf3=0.5 autolearn=disabled version=3.1.8
 X-Spam-Hammy: Tokens 31
 X-Spam-Spammy: Tokens 5
 X-Spam-Pyzor: 
 X-Spam-DCC: cpollock 104; Body=1 Fuz1=1
 X-Spam-Level: 
 X-Spam-Untrusted: Relays [ ip=71.48.168.13
rdns=tx-71-48-168-13.dhcp.embarqhsd.net helo=!192.168.2.2!
by=mailrelay.embarq.synacor.com ident= envfrom= intl=0 id=228272334BD 
auth= ]
 X-Spam-RBL: Results dns:13.168.48.71.combined.njabl.org [127.0.0.3]
dns:13.168.48.71.zen.spamhaus.org [127.0.0.11]
dns:13.168.48.71.dnsbl.sorbs.net [127.0.0.10]
 Received: from pop.embarq.synacor.com [208.47.184.129]
by localhost.localdomain with POP3 (fetchmail-6.3.8)
for [EMAIL PROTECTED] (single-drop); Mon, 23 Apr 2007 19:06:30 
-0500 (CDT)
 Received: from localhost (localhost.localdomain [127.0.0.1])
by mailrelay.embarq.synacor.com (Postfix) with ESMTP id 8B8062336D7
for [EMAIL PROTECTED]; Mon, 23 Apr 2007 20:05:54 -0400 (EDT)
 X-Virus-Scanned: amavisd-new at
 Old-X-Spam-Flag: YES
 Old-X-Spam-Score: 7.006
 Old-X-Spam-Level: ***
 Old-X-Spam-Status: Yes, score=7.006 tagged_above=-10 required=6.6
tests=[AWL=2.014, BAYES_60=1, RCVD_IN_NJABL_DUL=1.946,
RCVD_IN_SORBS_DUL=2.046]
 Received: from mailrelay.embarq.synacor.com ([127.0.0.1])
by localhost (smtp02.embarq.synacor.com [127.0.0.1]) (amavisd-new, 
port 10024)
with ESMTP id jfvuG0A1xsHa for [EMAIL PROTECTED];
Mon, 23 Apr 2007 20:05:54 -0400 (EDT)
 Received: from [192.168.2.2] (tx-71-48-168-13.dhcp.embarqhsd.net 
[71.48.168.13])
by mailrelay.embarq.synacor.com (Postfix) with ESMTP id 228272334BD
for [EMAIL PROTECTED]; Mon, 23 Apr 2007 20:05:54 -0400 (EDT)

Thanks for any help

Chris

-- 
Chris
KeyID 0xE372A7DA98E6705C

