http://bugzilla.spamassassin.org/show_bug.cgi?id=3496
Summary: rbl checks being applied to first hop
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Rules (Eval Tests)
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
I've got local mail sent from a local client - through our smtp server. Client
ip is on the dialup/dynamic rbls. SA is getting hits on those rbls.
The only log entries that seem interesting are the ones from SPF that say it was
delivered entirely by trusted relays, and the one about being unable to parse
IPv4 address...
Am I misunderstanding something here? this behavior does not exist in a trunk
snapshot from 2004-03-29.
Here's the trace from spamd:
Jun 9 16:30:18 spamtest spamd[8224]: got connection over
/local/spamassassin/tmp/spamd.sock
Jun 9 16:30:18 spamtest spamd[8224]: debug: Conf::SQL: executing SQL: select
preference, value from userpref where username = '[EMAIL PROTECTED]' or
username = '@GLOBAL' order by username asc
Jun 9 16:30:18 spamtest spamd[8224]: debug: retrieving prefs for
[EMAIL PROTECTED] from SQL server
Jun 9 16:30:18 spamtest spamd[8224]: debug: user has changed
Jun 9 16:30:18 spamtest spamd[8224]: debug: Score set 1 chosen.
Jun 9 16:30:18 spamtest spamd[8224]: processing message
<[EMAIL PROTECTED]> for [EMAIL PROTECTED]:23236.
Jun 9 16:30:18 spamtest spamd[8224]: debug: received-header: could not parse
IPv4 address, assuming IPv6
Jun 9 16:30:18 spamtest spamd[8224]: debug: received-header: parsed as [
ip=131.151.93.80 rdns=r08itlaptop.ddns.umr.edu helo=me.umr.edu by=smtp.umr.edu
ident= envfrom= intl=0 id=i59LSfHF025467 ]
Jun 9 16:30:18 spamtest spamd[8224]: debug: is Net::DNS::Resolver available?
yes
Jun 9 16:30:18 spamtest spamd[8224]: debug: Net::DNS version: 0.38
Jun 9 16:30:18 spamtest spamd[8224]: debug: looking up A records for
'smtp.umr.edu'
Jun 9 16:30:18 spamtest spamd[8224]: debug: A records for 'smtp.umr.edu':
131.151.1.120 131.151.1.89
Jun 9 16:30:18 spamtest spamd[8224]: debug: received-header: 'from'
131.151.93.80 is near to first 'by'
Jun 9 16:30:18 spamtest spamd[8224]: debug: received-header: relay
131.151.93.80 trusted? yes internal? no
Jun 9 16:30:18 spamtest spamd[8224]: debug: metadata: X-Spam-Relays-Trusted: [
ip=131.151.93.80 rdns=r08itlaptop.ddns.umr.edu helo=me.umr.edu by=smtp.umr.edu
ident= envfrom= intl=0 id=i59LSfHF025467 ]
Jun 9 16:30:18 spamtest spamd[8224]: debug: metadata: X-Spam-Relays-Untrusted:
Jun 9 16:30:18 spamtest spamd[8224]: debug: ---- MIME PARSER START ----
Jun 9 16:30:18 spamtest spamd[8224]: debug: main message type: text/plain
Jun 9 16:30:18 spamtest spamd[8224]: debug: parsing normal part
Jun 9 16:30:18 spamtest spamd[8224]: debug: added part, type: text/plain
Jun 9 16:30:18 spamtest spamd[8224]: debug: ---- MIME PARSER END ----
Jun 9 16:30:18 spamtest spamd[8224]: debug: decoding: no encoding detected
Jun 9 16:30:18 spamtest spamd[8224]: debug: Message too short for language
analysis
Jun 9 16:30:18 spamtest spamd[8224]: debug: is Net::DNS::Resolver available?
yes
Jun 9 16:30:18 spamtest spamd[8224]: debug: Net::DNS version: 0.38
Jun 9 16:30:18 spamtest spamd[8224]: debug: all '*From' addrs: [EMAIL
PROTECTED]
Jun 9 16:30:18 spamtest spamd[8224]: debug: Running tests for priority: 0
Jun 9 16:30:18 spamtest spamd[8224]: debug: running header regexp tests; score
so far=0
Jun 9 16:30:18 spamtest spamd[8224]: debug: all '*To' addrs: [EMAIL PROTECTED]
Jun 9 16:30:18 spamtest spamd[8224]: debug: SPF: message was delivered entirely
via trusted relays, not required
Jun 9 16:30:18 spamtest spamd[8224]: debug: SPF: message was delivered entirely
via trusted relays, not required
Jun 9 16:30:18 spamtest spamd[8224]: debug: running body-text per-line regexp
tests; score so far=-0.714
Jun 9 16:30:18 spamtest spamd[8224]: debug: running uri tests; score so
far=-0.714
Jun 9 16:30:19 spamtest spamd[8224]: debug: Razor2 is available
Jun 9 16:30:19 spamtest spamd[8224]: debug: entering helper-app run mode
Jun 9 16:30:19 spamtest spamd[8224]: debug: Using results from Razor v2.36
Jun 9 16:30:19 spamtest spamd[8224]: debug: Found Razor2 part: part=0 engine=4
ct=0 cf=0
Jun 9 16:30:19 spamtest spamd[8224]: debug: leaving helper-app run mode
Jun 9 16:30:19 spamtest spamd[8224]: debug: Razor2 results: spam? 0 highest cf
score: 0
Jun 9 16:30:19 spamtest spamd[8224]: debug: running raw-body-text per-line
regexp tests; score so far=-0.714
Jun 9 16:30:19 spamtest spamd[8224]: debug: running full-text regexp tests;
score so far=-0.714
Jun 9 16:30:19 spamtest spamd[8224]: debug: Pyzor is not available: pyzor not
found
Jun 9 16:30:19 spamtest spamd[8224]: debug: DCCifd is available:
/local/dcc/redhat9/dccifd
Jun 9 16:30:19 spamtest spamd[8224]: debug: entering helper-app run mode
Jun 9 16:30:19 spamtest spamd[8224]: debug: DCCifd: got response:
X-DCC-UMR-Metrics: spamtest.cc.umr.edu 1057; Body=0
Jun 9 16:30:19 spamtest spamd[8224]: debug: leaving helper-app run mode
Jun 9 16:30:19 spamtest spamd[8224]: debug: Razor2 is available
Jun 9 16:30:19 spamtest spamd[8224]: debug: Running tests for priority: 500
Jun 9 16:30:20 spamtest spamd[8224]: debug: RBL: success for 6 of 6 queries
Jun 9 16:30:20 spamtest spamd[8224]: debug: running meta tests; score so
far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: running header regexp tests; score
so far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: running body-text per-line regexp
tests; score so far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: running uri tests; score so
far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: running raw-body-text per-line
regexp tests; score so far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: running full-text regexp tests;
score so far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: Running tests for priority: 1000
Jun 9 16:30:20 spamtest spamd[8224]: debug: running meta tests; score so
far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: running header regexp tests; score
so far=2.457
Jun 9 16:30:20 spamtest spamd[8224]: debug: SQL Based AWL: Connected to
DBI:mysql:spamd:localhost
Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based)
get_addr_entry: No entry found for [EMAIL PROTECTED]|ip=131.151
Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based):
[EMAIL PROTECTED]|ip=131.151 scores 0/0
Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based)
get_addr_entry: No entry found for [EMAIL PROTECTED]|ip=none
Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based):
[EMAIL PROTECTED]|ip=none scores 0/0
Jun 9 16:30:21 spamtest spamd[8224]: debug: AWL active, pre-score: 2.457,
autolearn score: 2.457, mean: undef, IP: 131.151.93.80
Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based)
add_score: Created new entry for [EMAIL PROTECTED]|ip=131.151 with totscore:
2.457
Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based) finish:
Disconnected from DBI:mysql:spamd:localhost
Jun 9 16:30:21 spamtest spamd[8224]: debug: Post AWL score: 2.457
Jun 9 16:30:21 spamtest spamd[8224]: debug: running body-text per-line regexp
tests; score so far=2.457
Jun 9 16:30:21 spamtest spamd[8224]: debug: running uri tests; score so
far=2.457
Jun 9 16:30:21 spamtest spamd[8224]: debug: running raw-body-text per-line
regexp tests; score so far=2.457
Jun 9 16:30:21 spamtest spamd[8224]: debug: running full-text regexp tests;
score so far=2.457
Jun 9 16:30:21 spamtest spamd[8224]: debug: is spam? score=2.457 required=5
Jun 9 16:30:21 spamtest spamd[8224]: debug:
tests=ALL_TRUSTED,MISSING_HEADERS,NO_REAL_NAME,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL
Jun 9 16:30:21 spamtest spamd[8224]: debug:
subtests=__HAS_MSGID,__HAS_SUBJECT,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__TM2_MISC_DATA
Jun 9 16:30:22 spamtest spamd[8224]: clean message (2.5/5.0) for
[EMAIL PROTECTED]:23236 in 4.4 seconds, 516 bytes.
Jun 9 16:30:22 spamtest spamd[8224]: result: . 2 -
ALL_TRUSTED,MISSING_HEADERS,NO_REAL_NAME,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL
scantime=4.4,size=516,mid=<[EMAIL PROTECTED]>,autolearn=disabled
Jun 9 16:30:22 spamtest qmail: 1086816622.905790 delivery 30: success:
131.151.1.113_accepted_message./Remote_host_said:_250_2.6.0__<[EMAIL
PROTECTED]>_Queued_mail_for_delivery/
Jun 9 16:30:22 spamtest qmail: 1086816622.921209 status: local 0/10 remote 0/25
Jun 9 16:30:22 spamtest qmail: 1086816622.931961 end msg 237735
And here are the message headers:
Received: from umr-msxproto2.umr.edu ([131.151.1.113]) by umr-mail11.umr.edu
with Microsoft SMTPSVC(6.0.3790.0);
Wed, 9 Jun 2004 16:30:23 -0500
Received: from spamtest.cc.umr.edu ([131.151.0.89]) by umr-msxproto2.umr.edu
with Microsoft SMTPSVC(6.0.3790.0);
Wed, 9 Jun 2004 16:30:22 -0500
Received: (qmail 9032 invoked from network); 9 Jun 2004 21:30:17 -0000
Received: from unknown (HELO smtp.umr.edu) (unknown)
by unknown with SMTP; 9 Jun 2004 21:30:17 -0000
Received: from me.umr.edu (r08itlaptop.ddns.umr.edu [131.151.93.80])
by smtp.umr.edu (8.12.11/) with SMTP id i59LSfHF025467
for <[EMAIL PROTECTED]>; Wed, 9 Jun 2004 16:29:34 -0500
Date: Wed, 9 Jun 2004 16:28:41 -0500
From: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
Subject: fake mail
X-Spam-Level: **
X-Spam-Status: No, score=2.5 required=5.0 tests=ALL_TRUSTED,MISSING_HEADERS,
NO_REAL_NAME,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL autolearn=disabled
version=3.0.0-r20550
X-Spam-Checker-Version: SpamAssassin 3.0.0-r20550 (2004-05-28) on
spamtest.cc.umr.edu
X-Spam-DCC: UMR: spamtest.cc.umr.edu 1057; Body=0
Bcc:
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 09 Jun 2004 21:30:22.0834 (UTC)
FILETIME=[F8A4ED20:01C44E68]
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
