Re: Intermediate Relay checked against RBL

2008-11-21 Thread Matus UHLAR - fantomas
> Oliver Welter <[EMAIL PROTECTED]> wrote:
> >   2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
> > bl.spamcop.net [Blocked - see
> > ]
> >   1.1 RCVD_IN_SORBS_WEB  RBL: SORBS: sender is a abuseable web
> >  server [82.113.121.16 listed in
> > dnsbl.sorbs.net]

On 21.11.08 08:01, Cedric Knight, GreenNet wrote:
> In this situation, I'd add
>   trusted_networks 82.113.121.16/32
> to local.cf.  It looks like the O2 gateway has genuinely been abused.

Which is very common for GSM/* gateways, unless companies start taking care
(and blocking outgoing SMTP).

> If you are using POP-before-SMTP authentication,
> http://wiki.apache.org/spamassassin/POPAuthPlugin can add to
> trusted_networks automatically.

Or, better use SMTP authentication (pop-before-smtp is not that safe), with
proper headers (so SA will know it was authenticated)

> >   1.3 MISSING_SUBJECT        Missing Subject: header
> >   0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS
> >   1.5 MSGID_FROM_MTA_HEADER  Message-Id was added by a relay
> 
> These look like some problem with the MUA.  You might want to check
> why the client isn't adding Message-Id and Subject headers.

seconded, just the RDNS_NONE is again the business of O2...

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggest disasters: Hiroshima 45, Tschernobyl 86, Windows 95


Re: Intermediate Relay checked against RBL

2008-11-21 Thread Justin Mason

Cedric Knight, GreenNet writes:
> Oliver Welter <[EMAIL PROTECTED]> wrote:
> >   2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
> > bl.spamcop.net [Blocked - see
> > ]
> >   1.1 RCVD_IN_SORBS_WEB  RBL: SORBS: sender is a abuseable web
> >  server [82.113.121.16 listed in
> > dnsbl.sorbs.net]
> 
> In this situation, I'd add
>   trusted_networks 82.113.121.16/32
> to local.cf.  It looks like the O2 gateway has genuinely been abused.

Definitely.  It also appears in Spamcop and BRBL.

Also, you will need to add to trusted_networks any other gateways
between him and you, ie. 81.169.146.162, if it isn't already trusted.

--j.
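
The point made in the replies above, as an added example that is not part of the original thread and not SpamAssassin's own code: a simplified model in which the relay chain is walked newest-first and trust ends at the first hop whose IP is not in `trusted_networks`, so every hop from there on is looked up in the DNSBLs. The function names are hypothetical; the sample headers are the ones from the original post with folded lines joined.

```python
import ipaddress
import re

# Received headers from the original post, newest first (folded lines joined).
RECEIVED = [
    "from localhost (client mail forwarder) by mailin.webmailer.de "
    "(bertie mi52) (RZmta 17.20)",
    "from mo-p00-ob.rzone.de ([81.169.146.162]) by mailin.webmailer.de "
    "(bertie mi52) (RZmta 17.20) with ESMTP id 600d75kAK75tjw",
    "from X300 (16.121.113.82.net.de.o2.com [82.113.121.16]) by post.strato.de "
    "(mrclete mo11) (RZmta 17.20) with ESMTP id 000e52kAK6M4qz",
]

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(received):
    """Return (ips, unparseable): hops with no valid [a.b.c.d] are counted, not used."""
    ips, unparseable = [], 0
    for line in received:
        match = IP_RE.search(line)
        try:
            ips.append(ipaddress.ip_address(match.group(1)))
        except (AttributeError, ValueError):  # no bracketed IP, or not a real IPv4
            unparseable += 1
    return ips, unparseable


def untrusted_relays(received, trusted_networks):
    """Hops subject to RBL checks: the first untrusted IP and everything behind it."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    ips, _ = relay_ips(received)
    for i, ip in enumerate(ips):
        if not any(ip in net for net in nets):
            # An untrusted host wrote the remaining headers, so none of them count
            # as trusted even if their IPs are listed in trusted_networks.
            return [str(x) for x in ips[i:]]
    return []


def dnsbl_queries(received, trusted_networks, zones):
    """DNS names looked up for each untrusted hop: reversed octets + zone."""
    return [".".join(reversed(ip.split("."))) + "." + zone
            for ip in untrusted_relays(received, trusted_networks)
            for zone in zones]
```

In this model, trusting only 82.113.121.16/32 changes nothing as long as 81.169.146.162 sits untrusted in front of it.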


Re: Intermediate Relay checked against RBL

2008-11-21 Thread Cedric Knight, GreenNet
Oliver Welter <[EMAIL PROTECTED]> wrote:
>   2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
> bl.spamcop.net [Blocked - see
> ]
>   1.1 RCVD_IN_SORBS_WEB  RBL: SORBS: sender is a abuseable web
>  server [82.113.121.16 listed in
> dnsbl.sorbs.net]

In this situation, I'd add
  trusted_networks 82.113.121.16/32
to local.cf.  It looks like the O2 gateway has genuinely been abused.

If you are using POP-before-SMTP authentication,
http://wiki.apache.org/spamassassin/POPAuthPlugin can add to
trusted_networks automatically.

>   1.3 MISSING_SUBJECT        Missing Subject: header
>   0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS
>   1.5 MSGID_FROM_MTA_HEADER  Message-Id was added by a relay

These look like some problem with the MUA.  You might want to check
why the client isn't adding Message-Id and Subject headers.

HTH

CK



Intermediate Relay checked against RBL

2008-11-20 Thread Oliver Welter

Hi All,

I am running SA 3.0 and ran into a severe problem today.

A friend sent an email from his laptop using a 3G/UMTS card with his
Provider o2. This provider has all UMTS customers NAT'ed over one
external IP.
This IP seems to be blacklisted in SORBS, and so his mail got some extra
points for that, finally ending up with enough points to get rejected.
The second mailhub is used as smarthost by him.

Here are the relevant parts of the header, ** lines are commented by me:

**This is the mailqueue at the used smarthost, which was finally
contacting my SA**
Received: from localhost (client mail forwarder)
by mailin.webmailer.de (bertie mi52) (RZmta 17.20)
for <[EMAIL PROTECTED]>; Thu, 20 Nov 2008 08:11:02 +0100 (MET)
Received: from mo-p00-ob.rzone.de ([81.169.146.162])
by mailin.webmailer.de (bertie mi52) (RZmta 17.20)
with ESMTP id 600d75kAK75tjw ; Thu, 20 Nov 2008 08:11:02 +0100 (MET)
X-RZG-CLASS-ID: mo00
X-RZG-AUTH:
:IW0WcEPmefOo1oTvT/A9Gk0ePD+NyzH8AfvKl6eUpPDUjpTpUFip9/ZlrxMveDA=
** This is the smarthost, the sender here with the 82.113.121.16 is the
NAT'ed UMTS notebook **
Message-ID: <[EMAIL PROTECTED]>
Received: from X300 (16.121.113.82.net.de.o2.com [82.113.121.16])
by post.strato.de (mrclete mo11) (RZmta 17.20)
with ESMTP id 000e52kAK6M4qz ; Thu, 20 Nov 2008 08:10:57 +0100 (MET)

Here is the SA Report for this message, the missing Subject is clearly a
user problem, but the rest is all caused by the described relaying.

  2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                             [Blocked - see ]
  1.1 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is a abuseable web server
                             [82.113.121.16 listed in dnsbl.sorbs.net]
  0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
  0.0 HTML_MESSAGE           BODY: HTML included in message
  1.4 SARE_GIF_ATTACH        FULL: Email has a inline gif
  1.3 MISSING_SUBJECT        Missing Subject: header
  0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS
  1.5 MSGID_FROM_MTA_HEADER  Message-Id was added by a relay

Does anybody have an idea whether this is intentional or a misconfiguration on my
site or whatever? Some subsequent tries show that the problem is
reproducible.

any hints are welcome

Oliver
--
Protect your environment -  close windows and adopt a penguin!
PGP-Key: 3B2C 8095 A7DF 8BB5 2CFF  8168 CAB7 B0DD 3985 1721