Re: question re/ RDNS_NONE

Am 24.11.15 um 21:03 schrieb John Hardin: On Tue, 24 Nov 2015, Reindl Harald wrote: i would suggest when the Received header for the *first* untrusted hop Just so we're clear on first vs. last: the host that submitted the mail to the most-remote MTA whose headers you trust. don't contain a

Re: question re/ RDNS_NONE

On Tue, 24 Nov 2015 12:03:12 -0800 (PST) John Hardin wrote: > On Tue, 24 Nov 2015, Reindl Harald wrote: > > > i would suggest when the Received header for the *first* untrusted > > hop > > Just so we're clear on first vs. last: the host that submitted the > mail to the most-remote MTA whose

Re: question re/ RDNS_NONE

On Tue, 24 Nov 2015, RW wrote: On Tue, 24 Nov 2015 12:03:12 -0800 (PST) John Hardin wrote: On Tue, 24 Nov 2015, Reindl Harald wrote: i would suggest when the Received header for the *first* untrusted hop Just so we're clear on first vs. last: the host that submitted the mail to the

Re: question re/ RDNS_NONE

On Tue, 24 Nov 2015 20:29:40 +0100 Reindl Harald wrote: > Am 24.11.2015 um 20:24 schrieb Matthias Apitz: > > El día Tuesday, November 24, 2015 a las 05:08:20PM +0100, Reindl > > Harald escribió: > >> i dunno why the OP is fetching his mail from his ISP and then feed > >> spamassassin with the

Re: question re/ RDNS_NONE

On Tue, 2015-11-24 at 17:08 +0100, Reindl Harald wrote: > > why not read the thread from thje first beginning? > What makes you think I didn't? Though I rather wish I hadn't. > i dunno why the OP is fetching his mail from his ISP and then feed > spamassassin with the mails local, *but* he

Re: question re/ RDNS_NONE

On Tue, 24 Nov 2015 15:15:17 -0800 (PST) John Hardin wrote: > On Tue, 24 Nov 2015, RW wrote: > > > On Tue, 24 Nov 2015 12:03:12 -0800 (PST) > > John Hardin wrote: > > > >> On Tue, 24 Nov 2015, Reindl Harald wrote: > >> > >>> i would suggest when the Received header for the *first* untrusted

Re: Re-4: A rule to check X-ASN header

My eventual goal is to test for "Has google in the sender name OR domain" and "is NOT from a ASN owned by Google". https://www.ultratools.com/tools/asnInfoResult?domainName=Google Am I'm not explaining myself correctly? ... nevertheless ... a valid DKIM signature by google is as good if not a

Re: question re/ RDNS_NONE

Am 24.11.2015 um 20:40 schrieb Matthias Apitz: El día Tuesday, November 24, 2015 a las 08:29:40PM +0100, Reindl Harald escribió: WHy you dunno this? My mail must arrive somewhere, from where I can fetch it with fetchmail+imap when I'm online again with my FreeBSD netbook or my Ubuntu mobile

Re: question re/ RDNS_NONE

>From: Bill Cole >Sent: Tuesday, November 24, 2015 1:41 PM >To: users@spamassassin.apache.org >Subject: Re: question re/ RDNS_NONE >On 24 Nov 2015, at 13:47, David Jones wrote: >> Could this be dependent on the MTA used? I am using Postfix >> which puts

Re: question re/ RDNS_NONE

On 24 Nov 2015, at 14:54, David Jones wrote: From: Bill Cole Sent: Tuesday, November 24, 2015 1:41 PM To: users@spamassassin.apache.org Subject: Re: question re/ RDNS_NONE On 24 Nov 2015, at 13:47, David Jones wrote: Could this be dependent on the

Re: question re/ RDNS_NONE

Am 24.11.2015 um 20:36 schrieb David Jones: From: Reindl Harald Sent: Tuesday, November 24, 2015 1:20 PM To: users@spamassassin.apache.org Subject: Re: question re/ RDNS_NONE Am 24.11.2015 um 20:16 schrieb David Jones: From: Reindl Harald

Re: question re/ RDNS_NONE

On Tue, 24 Nov 2015, Reindl Harald wrote: i would suggest when the Received header for the *first* untrusted hop Just so we're clear on first vs. last: the host that submitted the mail to the most-remote MTA whose headers you trust. don't contain a reverse dns information *and only then*

Re: question re/ RDNS_NONE

On November 25, 2015 12:15:45 AM John Hardin wrote: It would be the last relay into the internal network, if it's from an untrusted server. The edge of the trusted network may be a submission server. You don't trust the headers your submission server generates?

Re: question re/ RDNS_NONE

El día Tuesday, November 24, 2015 a las 08:27:45PM +0100, Edda escribió: > Anyway, for the moment, here's the patch, diff is on version 3.4.1: > > Rule (I tested it as a simple rule in local.cf, sure one can combine it > with RDNS_NONE): > > ifplugin Mail::SpamAssassin::Plugin::DNSEval > >

Re: question re/ RDNS_NONE

>From: RW >Sent: Sunday, November 22, 2015 3:23 PM >To: users@spamassassin.apache.org >Subject: Re: question re/ RDNS_NONE >On Sun, 22 Nov 2015 13:39:49 + >David Jones wrote: >> https://wiki.apache.org/spamassassin/Rules/RDNS_NONE >> >> RDNS_NONE checks more than

Re: question re/ RDNS_NONE

Am 24.11.2015 um 17:03 schrieb Martin Gregorie: On Tue, 2015-11-24 at 14:59 +0100, Reindl Harald wrote: the topic is about the IP vom the Received-header of the trusted IP, in other words about the non-trusted machine delivered the message to the ISP I'm curious: if you're willing to trust

Re: question re/ RDNS_NONE

Am 24.11.2015 um 19:47 schrieb David Jones: Could this be dependent on the MTA used? I am using Postfix which puts in Received headers like this: Received: from econnect.dmsgs.com (unknown [8.224.216.57]) That IP has a PTR record but it doesn't match the SMTP HELO of econnect.dmsgs.com so

Re: question re/ RDNS_NONE

>From: Reindl Harald >Sent: Tuesday, November 24, 2015 1:01 PM >To: users@spamassassin.apache.org >Subject: Re: question re/ RDNS_NONE >Am 24.11.2015 um 19:47 schrieb David Jones: >> Could this be dependent on the MTA used? I am using Postfix >> which puts in Received

Re: question re/ RDNS_NONE

Am 24.11.2015 um 20:16 schrieb David Jones: From: Reindl Harald and that is why i call it harmful to completly rely on the Received header instead doing the DNS lookup based on the IP which would have a lot of advantages: * less error prone * even when the MTA had a

Re: question re/ RDNS_NONE

El día Tuesday, November 24, 2015 a las 05:08:20PM +0100, Reindl Harald escribió: > i dunno why the OP is fetching his mail from his ISP and then feed > spamassassin with the mails local, WHy you dunno this? My mail must arrive somewhere, from where I can fetch it with fetchmail+imap when I'm

Re: question re/ RDNS_NONE

Am 24.11.15 um 14:40 schrieb Matthias Apitz: El día Tuesday, November 24, 2015 a las 01:47:23PM +0100, Reindl Harald escribió: On 24.11.15 13:24, Reindl Harald wrote: on the other hand why can't SA not do the lookup for the IP of "Received: from [140.211.11.3]" given that it does a lot of

Re: question re/ RDNS_NONE

Am 24.11.2015 um 20:24 schrieb Matthias Apitz: El día Tuesday, November 24, 2015 a las 05:08:20PM +0100, Reindl Harald escribió: i dunno why the OP is fetching his mail from his ISP and then feed spamassassin with the mails local, WHy you dunno this? My mail must arrive somewhere, from

Re: question re/ RDNS_NONE

>From: Reindl Harald >Sent: Tuesday, November 24, 2015 1:20 PM >To: users@spamassassin.apache.org >Subject: Re: question re/ RDNS_NONE >Am 24.11.2015 um 20:16 schrieb David Jones: >>> From: Reindl Harald >>> and that is why i call it harmful to

Re: question re/ RDNS_NONE

Am 24.11.2015 um 20:27 schrieb Edda: Am 24.11.15 um 14:40 schrieb Matthias Apitz: El día Tuesday, November 24, 2015 a las 01:47:23PM +0100, Reindl Harald escribió: On 24.11.15 13:24, Reindl Harald wrote: on the other hand why can't SA not do the lookup for the IP of "Received: from

Re: question re/ RDNS_NONE

El día Tuesday, November 24, 2015 a las 08:29:40PM +0100, Reindl Harald escribió: > > WHy you dunno this? My mail must arrive somewhere, from where I can > > fetch it with fetchmail+imap when I'm online again with my FreeBSD netbook > > or > > my Ubuntu mobile phone > > normally a sane ISP

Re: question re/ RDNS_NONE

On 24 Nov 2015, at 13:47, David Jones wrote: Could this be dependent on the MTA used? I am using Postfix which puts in Received headers like this: Received: from econnect.dmsgs.com (unknown [8.224.216.57]) That IP has a PTR record but it doesn't match the SMTP HELO of econnect.dmsgs.com so

Re: question re/ RDNS_NONE

>From: Bill Cole >Sent: Tuesday, November 24, 2015 3:31 PM >To: users@spamassassin.apache.org >Subject: Re: question re/ RDNS_NONE >On 24 Nov 2015, at 14:54, David Jones wrote: >>> From: Bill Cole >>> Sent:

Re: question re/ RDNS_NONE

Am 24.11.2015 um 11:30 schrieb Benny Pedersen: Matthias Apitz skrev den 2015-11-24 11:22: As I get all my mails with this missing rDNS symbol in the Received: line, I have only two options: unconfigure the RDNS_NONE test or change the ISP. two options: 1: make spamassassin exceptions for

Re: question re/ RDNS_NONE

El día Tuesday, November 24, 2015 a las 11:30:31AM +0100, Benny Pedersen escribió: > Matthias Apitz skrev den 2015-11-24 11:22: > > > As I get all my mails with this missing rDNS symbol in the Received: > > line, I have only two options: unconfigure the RDNS_NONE test or change > > the ISP. >

Re: question re/ RDNS_NONE

Matthias Apitz skrev den 2015-11-24 11:22: As I get all my mails with this missing rDNS symbol in the Received: line, I have only two options: unconfigure the RDNS_NONE test or change the ISP. two options: 1: make spamassassin exceptions for the faulty isp headers so rdns_none does not

Re: question re/ RDNS_NONE

Am 24.11.2015 um 11:51 schrieb Benny Pedersen: Matthias Apitz skrev den 2015-11-24 11:36: Do you really understood that the Exim in question runs on a server of my ISP which is not under my control? if i was a isp, would never have used exim for a mta with so many users how does that

Re: question re/ RDNS_NONE

El día Saturday, November 21, 2015 a las 06:57:41PM +, RW escribió: > RDNS_NONE simply means that the received header on the edge of your > internal network (i.e. the MX header) didn't record the rDNS of the > connecting host. > > Typically this means there it has no RDNS, but it can also

Re: question re/ RDNS_NONE

Matthias Apitz skrev den 2015-11-24 11:36: Do you really understood that the Exim in question runs on a server of my ISP which is not under my control? if i was a isp, would never have used exim for a mta with so many users, so option 1 is still left :=) just not worth to solve in

Re: question re/ RDNS_NONE

Am 24.11.2015 um 12:29 schrieb Benny Pedersen: Reindl Harald skrev den 2015-11-24 11:56: it's the exim of the ISP with old version of exim it's still the exim of the ISP it's the exim of the ISP with old version of exim it's still the exim of the ISP again disable of rdns_none is

Re: question re/ RDNS_NONE

On Tue, 24 Nov 2015 11:22:20 +0100 Matthias Apitz wrote: > I have contacted the support of my ISP and phoned them today: the > hotline guy said, that the technican not even understood the problem > and why there should be together with the IP a rDNS, and why I can't > do the lookup by my own,

Re: question re/ RDNS_NONE

Am 24.11.2015 um 13:00 schrieb RW: On Tue, 24 Nov 2015 11:22:20 +0100 Matthias Apitz wrote: I have contacted the support of my ISP and phoned them today: the hotline guy said, that the technican not even understood the problem and why there should be together with the IP a rDNS, and why I

Re: question re/ RDNS_NONE

Reindl Harald skrev den 2015-11-24 11:56: it's the exim of the ISP with old version of exim it's the exim of the ISP with old version of exim again disable of rdns_none is not the solution, so why fokus on that? because *it is* the solution damned when "make spamassassin exceptions

Re: question re/ RDNS_NONE

Thank you both, please stop this pissing contest. On 24-11-15 12:35, Reindl Harald wrote: > > > Am 24.11.2015 um 12:29 schrieb Benny Pedersen: >> Reindl Harald skrev den 2015-11-24 11:56: >> >>> it's the exim of the ISP >> >> with old version of exim > > it's still the exim of the ISP > >>>

Re: question re/ RDNS_NONE

On Tue, 24 Nov 2015 11:22:20 +0100 Matthias Apitz wrote: I have contacted the support of my ISP and phoned them today: the hotline guy said, that the technican not even understood the problem and why there should be together with the IP a rDNS, and why I can't do the lookup by my own, :-(

Re: question re/ RDNS_NONE

Am 24.11.2015 um 13:38 schrieb Matus UHLAR - fantomas: On Tue, 24 Nov 2015 11:22:20 +0100 Matthias Apitz wrote: I have contacted the support of my ISP and phoned them today: the hotline guy said, that the technican not even understood the problem and why there should be together with the IP a

Re: question re/ RDNS_NONE

El día Tuesday, November 24, 2015 a las 01:47:23PM +0100, Reindl Harald escribió: > > On 24.11.15 13:24, Reindl Harald wrote: > >> on the other hand why can't SA not do the lookup for the IP of > >> "Received: from [140.211.11.3]" given that it does a lot of dns > >> lookups anyway? > > > > just

Re: question re/ RDNS_NONE

On 11/24/2015 02:40 PM, Matthias Apitz wrote: El día Tuesday, November 24, 2015 a las 01:47:23PM +0100, Reindl Harald escribió: On 24.11.15 13:24, Reindl Harald wrote: on the other hand why can't SA not do the lookup for the IP of "Received: from [140.211.11.3]" given that it does a lot of

Re: question re/ RDNS_NONE

Am 24.11.2015 um 14:57 schrieb Martin Gregorie: On Tue, 2015-11-24 at 12:00 +, RW wrote: On Tue, 24 Nov 2015 11:22:20 +0100 Matthias Apitz wrote: I have contacted the support of my ISP and phoned them today: the hotline guy said, that the technican not even understood the problem and

Re: question re/ RDNS_NONE

On 11/24/2015 02:46 PM, Axb wrote: On 11/24/2015 02:40 PM, Matthias Apitz wrote: El día Tuesday, November 24, 2015 a las 01:47:23PM +0100, Reindl Harald escribió: On 24.11.15 13:24, Reindl Harald wrote: on the other hand why can't SA not do the lookup for the IP of "Received: from

Re: question re/ RDNS_NONE

On Tue, 2015-11-24 at 12:00 +, RW wrote: > On Tue, 24 Nov 2015 11:22:20 +0100 > Matthias Apitz wrote: > > > > I have contacted the support of my ISP and phoned them today: the > > hotline guy said, that the technican not even understood the > > problem > > and why there should be together