Re: [SA-List] IPlanet and SA
On Friday 01 October 2004 04:10 pm, Carnegie, Martin wrote: > >So they're saying they can't be RFC compliant? The only thing I see > > that > > >might need to be fixed is: FAKE_HELO_SHAW_CA > > > >Other then that, it seems _they_ have some work to do. > > > >--Chris > > Well they said that hopefully with the next version they would, but they > gave me no ETA (other than "it is coming"). I am really surprised that > the Sun software is unable to do things correctly. I am not sure if it > is unable or they are unable. > > I know that this is probably the wrong place to post this, but I was > sure that I could get some answer here rather than with Sun. > > Thanks FYI, One of the systems I manage uses iPlanet and their associated webmail interface, which they call "messenger express". It's really horrid in the way that it works, throws many javascript errors that can't be fixed due to its closed nature. When an email is submitted via the web interface it's passed to a binary cgi (presumable written in C or C++) which handles all the processing. So it's not something that Shaw could fix themselves. Sun has been relatively unresponsive to our javascript and RFC bug reports to them. Jeremy
Re: [SA-List] IPlanet and SA
At 03:47 PM 10/1/2004, Carnegie, Martin wrote: X-Spam-Status: No, hits=4.1 required=5.0 tests=FAKE_HELO_SHAW_CA,HTML_30_40, HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY autolearn=no version=2.63 Here's a question for you. How'd your copy of SA 2.63 end up with a score of 4.1? Have you modified any scores? Grepping through 50_scores.cf for a stock copy of 2.63 I get these scores None of which total to anything which might round to 4.1. 0.298 0.904 2.800 0.585 (score FAKE_HELO_SHAW_CA) 0.160 0.001 0.100 0.100 (score HTML_MESSAGE) 1.107 1.717 1.259 1.184 (score HTML_MIME_NO_HTML_TAG) 0.666 0.100 0.248 0.320 (score MIME_HTML_ONLY) 0.837 0.809 0.919 0 (score HTML_30_40) --- 3.062 3.53 5.326 2.845 (totals) Other than this minor point, I'd agree with the others that fixing the FAKE_HELO match would be worthwhile. The HTML rule matches aren't nearly so bad on their own. I am really surprised that the Sun software is unable to do things correctly. I'm in general the opposite. I'm really surprised when Sun software can do things correctly. I'm extraordinarily unimpressed with IPlanet, which caused difficulty with one of my home ISPs that used IPlanet at the time. Their mail servers had trouble exchanging mail due to lack of RFC compliance at the SMTP layer (since fixed). It could have been the ISPs fault, or Sun's who knows, but the problem was something very fundamental like lack of generating HELO's prior to issuing mail. I was quite shocked the MTA could even be configured that way without great effort on the part of the ISP.
Re: [SA-List] IPlanet and SA
Carnegie, Martin wrote: Received: from [24.71.223.10] (helo=pd3mo2so.prod.shaw.ca) by atcoinss.atco.ca with esmtp (Exim ) for [EMAIL PROTECTED] id 1C5AtN-0003nf-Tt; Wed, 08 Sep 2004 16:26:17 -0600 (This looks like the section FAKE_HELO_SHAW_CA is firing on.) If I'm reading correctly, that means that the mailserver on atcoinss.atco.ca could not find reverse DNS info for 24.71.223.10. This is odd, because an nslookup yields shawidc-mo1.cg.shawcable.net. Also, pd3mo2so.prod.shaw.ca resolves to that IP. From what I can tell, FAKE_HELO_SHAW_CA checks to see that a HELO of shaw.ca matches an rDNS of shaw.ca or shawcable.net, which should have worked (i.e. it should have matched and cause the rule to not fire). So it looks like it *may* be a glitch with rDNS lookup on your end, or possibly with the settings of trusted_networks. It's worth noting also that FAKE_HELO_SHAW_CA doesn't seem to be in SA 3.0 except as an orphaned description in the dutch ruleset. -- Kelson Vibber SpeedGate Communications
RE: [SA-List] IPlanet and SA
>So they're saying they can't be RFC compliant? The only thing I see that >might need to be fixed is: FAKE_HELO_SHAW_CA >Other then that, it seems _they_ have some work to do. >--Chris Well they said that hopefully with the next version they would, but they gave me no ETA (other than "it is coming"). I am really surprised that the Sun software is unable to do things correctly. I am not sure if it is unable or they are unable. I know that this is probably the wrong place to post this, but I was sure that I could get some answer here rather than with Sun. Thanks
RE: [SA-List] IPlanet and SA
>-Original Message- >From: Carnegie, Martin [mailto:[EMAIL PROTECTED] >Sent: Friday, October 01, 2004 3:48 PM >To: Spamassassin-Users >Subject: [SA-List] IPlanet and SA > > >We are currently seeing emails from external customers being marked as >spam in SA when they come from an ISP called Shaw. I have been talking >to their tech support about these emails as I think that this is all on >their end due to the format of the email. As a Shaw customer >myself. I >sent an email from my account (through their web interface) and here is >the message headers *snip* > >So I understand why SA marks it as it does, but according to Shaw, they >cannot change any settings that would change the score. I have asked >them to either properly format the HTML or make it plain text, which is >not something they say can be done. > >Has anyone had experience with IPlanet that would know if there is some >setting that they could adjust? > >I know that I can whitelist them, but we prefer that they would fix >their system rather than we have to maintain a whitelist. > So they're saying they can't be RFC compliant? The only thing I see that might need to be fixed is: FAKE_HELO_SHAW_CA Other then that, it seems _they_ have some work to do. --Chris