I'm running SpamAssassin 2.60 on a public IP (not NATed) and none of the
-notfirsthop rules (including RCVD_IN_DYNABLOCK) have worked correctly for
me, either.  For reference I'm also running Sendmail and Spamass-milter
0.2.0.  Here are the headers from an email that *should* have matched the
rule:

Received: from katie.darklegacies.com (pcp044858pcs.trnrsv01.nj.comcast.net
[68.46.27.0])
        by mail-gateway.metrologic.com (8.12.8/8.12.8) with ESMTP id
hA3GIq7M006336
        for <[EMAIL PROTECTED]>; Mon, 3 Nov 2003 11:18:53 -0500
Received: from katie.darklegacies.com (katie.darklegacies.com [127.0.0.1])
        by katie.darklegacies.com (8.12.9/8.12.9) with ESMTP id
hA3GIP00087833
        for <[EMAIL PROTECTED]>; Mon, 3 Nov 2003 11:18:26 -0500 (EST)
        (envelope-from [EMAIL PROTECTED])
Received: from localhost ([EMAIL PROTECTED])
        by katie.darklegacies.com (8.12.9/8.12.9/Submit) with ESMTP id
hA3GIPq0087830
        for <[EMAIL PROTECTED]>; Mon, 3 Nov 2003 11:18:25 -0500 (EST)
        (envelope-from [EMAIL PROTECTED])
Date: Mon, 3 Nov 2003 11:18:25 -0500 (EST)
From: Brian <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: testing
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=no 
        version=2.60
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
        mail-gateway.metrologic.com


When querying Dynablock:
katie> host 0.27.46.68.dynablock.easynet.nl.
0.27.46.68.dynablock.easynet.nl is a nickname for
dsl-cable-dhcp-dialup.ip.dynablock.easynet.nl
dsl-cable-dhcp-dialup.ip.dynablock.easynet.nl has address 127.0.0.2

While in this case it fails to detect that the email originated from a
dynamic IP, I have other cases where mail sent through Earthlink's SMTP
servers is falsely detected:

Received: from cardinal.mail.pas.earthlink.net
(cardinal.mail.pas.earthlink.net [207.217.121.226])
        by mail-gateway.metrologic.com (8.12.8/8.12.8) with ESMTP id
hA3FuG7M004138
        for <[EMAIL PROTECTED]>; Mon, 3 Nov 2003 10:56:16 -0500
Received: from dialup-67.29.206.216.dial1.cincinnati1.level3.net
([67.29.206.216] helo=someone)
        by cardinal.mail.pas.earthlink.net with smtp (Exim 3.33 #1)
        id 1AGh3s-0001aE-00
        for [EMAIL PROTECTED]; Mon, 03 Nov 2003 07:56:13 -0800
From: "A Person" <[EMAIL PROTECTED]>
To: "Brian" <[EMAIL PROTECTED]>
Subject: Something
Date: Mon, 3 Nov 2003 10:57:08 -0500
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Spam-Status: No, hits=-4.6 required=5.0
tests=BAYES_00,HTML_FONTCOLOR_BLUE,
        HTML_MESSAGE,RCVD_IN_DYNABLOCK autolearn=no version=2.60
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
        mail-gateway.metrologic.com


When querying Dynablock:
katie> host 226.121.217.207.dynablock.easynet.nl
Host not found.


Any thoughts?
Brian

-----Original Message-----
From: Matt Kettler [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 03, 2003 10:36 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [SAtalk] RCVD_IN_DYNABLOCK FP? 

At 02:57 AM 11/3/2003, Justin Mason wrote:
>Pedro Sam writes:
> >I'm just wondering why RCVD_IN_DYNABLOCK was a hit, when I sent a email
> >from my localhost 192.168.2.125 with kmail using the SMTP server at
> >mail.student.cs.uwaterloo.ca to address [EMAIL PROTECTED]
> >
> >This is the proper way of sending email from a cable IP right?  to use a
> >smtp server from a static well respected IP?
>
>Should be -- I would guess it may be that SpamAssassin can't parse the 
>"good" received line, so misses it.

This could be an example of bug 2537... note that his IP is a non-routable
one..

Pedro, did you set your trusted_networks variable in your local.cf? since
your localhost is using a 192.168.*.* IP address SA cannot automatically
infer which relays are trusted.. this causes the unexpected side-effect of
causing SA to check _every_ IP address against dynablock.


http://bugzilla.spamassassin.org/show_bug.cgi?id=2537

add this to your local.cf and see if it fixes your problem:
         trusted_networks 192.168.2.125/32



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
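
The relay selection discussed in this thread, as an added example (not SpamAssassin's code and not from any poster): a simplified model that extracts relay IPs from Received headers, skips the originating hop the way a "-notfirsthop" rule is meant to, and builds the Dynablock names to verify with `host`. The function names and the single-relay behaviour are assumptions of this model.

```python
import ipaddress
import re

DNSBL_ZONE = "dynablock.easynet.nl"  # zone queried with `host` in the thread

# Received headers of the two messages in the thread, unfolded, newest first
# (sample input constructed from the headers quoted above).
DYNAMIC_SENDER = [
    "from katie.darklegacies.com (pcp044858pcs.trnrsv01.nj.comcast.net "
    "[68.46.27.0]) by mail-gateway.metrologic.com (8.12.8/8.12.8) with ESMTP",
    "from katie.darklegacies.com (katie.darklegacies.com [127.0.0.1]) "
    "by katie.darklegacies.com (8.12.9/8.12.9) with ESMTP",
]
VIA_EARTHLINK = [
    "from cardinal.mail.pas.earthlink.net (cardinal.mail.pas.earthlink.net "
    "[207.217.121.226]) by mail-gateway.metrologic.com (8.12.8/8.12.8)",
    "from dialup-67.29.206.216.dial1.cincinnati1.level3.net "
    "([67.29.206.216] helo=someone) by cardinal.mail.pas.earthlink.net",
]

def relay_ips(received):
    """Bracketed public relay IPs, in header order (newest hop first)."""
    ips = []
    for header in received:
        for text in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                continue  # e.g. an octet above 255
            if addr.is_global:  # drops 127.0.0.1, 192.168.x.x and the like
                ips.append(text)
    return ips

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """Reverse the octets and append the zone, as in the `host` queries."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def names_to_query(received, notfirsthop=True):
    ips = relay_ips(received)
    # Model assumption: the last header is the originating (first) hop, and a
    # lone relay is still checked because no other hop is left to test.
    if notfirsthop and len(ips) > 1:
        ips = ips[:-1]
    return [dnsbl_name(ip) for ip in ips]

if __name__ == "__main__":
    for label, hdrs in (("dynamic", DYNAMIC_SENDER), ("earthlink", VIA_EARTHLINK)):
        print(label, names_to_query(hdrs), names_to_query(hdrs, notfirsthop=False))
```

Comparing the two lists for the Earthlink message shows which extra name is queried when every relay is checked instead of skipping the first hop.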

