At 11:42 AM 5/25/2004, Bruno Broedner wrote:
An incoming e-mail was tagged by SpamAssassin because of an
RBL check. But I think this is not correct. SA did the RBL check
on the IP from the client host 80.142.228.8 (which is indeed a
dial-up host and therefore listed in the RBL)

Um, look at the RBL hits again.

SA skips the "first hop" for dialup RBLs. However, this guy was listed in real blacklists, and those don't have any "notfirsthop" restrictions.


RCVD_IN_DSBL (2.6 points) RBL: Received via a relay in list.dsbl.org [RBL check: found 8.228.142.80.list.dsbl.org.]
RCVD_IN_NJABL (0.9 points) RBL: Received via a relay in
dnsbl.njabl.org [RBL check: found 8.228.142.80.dnsbl.njabl.org.,] [type: 127.0.0.3]


See the notes at DSBL: http://dsbl.org/listing?80.142.228.8 They report it as a verified singlehop relay.


As for NJABL, yes, it reported because it's a dialup; however, the heavy hitter "RCVD_IN_NJABL_DIALUP" is skipped because it's a dialup.


Also, in current versions of SA (2.63) the score of the base rule, RCVD_IN_NJABL, is forced to 0.100 because it false hits dialups.

Upgrade your SA to fix the NJABL score problem.


but I think SA must
do the check on the mailserver fmrl11.sul.t-online.com which is the
first one appearing after "by ..." in the received-trail.

Why on earth would it do that????

Of course it's going to check the hosts in the "from" half of Received trail.

It would be *COMPLETELY* broken to not check the from half. No, really, completely, 100% broken.

I am a little bit confused. Is this a bug ... or a feature ;-) ?

Yes, you're definitely confused. The bulk of the DNSBL points are not dialup related, and the points that are dialup related would have been avoided if you were running a current release of SA.
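
Added illustration, not part of the original message and not SpamAssassin's own code: the Python below models the behaviour described in the reply, taking the IPs from the "from" half of each Received header, building the reversed-octet DNSBL query names, and exempting only the originating hop for the dialup rule. The Received trail is constructed (the hostnames and 192.0.2.25 are placeholders; only 80.142.228.8 comes from the thread), the rule table is a simplified assumption, the function names are hypothetical, and no DNS queries are sent.

```python
import email
import re

# Constructed sample: hostnames and 192.0.2.25 are placeholders; only
# 80.142.228.8 is taken from the thread.
RAW = """\
Received: from relay.example.net (relay.example.net [192.0.2.25])
\tby mx.example.org with ESMTP; Tue, 25 May 2004 17:40:12 +0200
Received: from client.example.com (client.example.com [80.142.228.8])
\tby relay.example.net with SMTP; Tue, 25 May 2004 17:40:05 +0200
Subject: constructed sample

body
"""

# Simplified model (assumption): rule -> (DNSBL zone, skip the first hop?)
RULES = {
    "RCVD_IN_DSBL": ("list.dsbl.org", False),
    "RCVD_IN_NJABL": ("dnsbl.njabl.org", False),
    "RCVD_IN_NJABL_DIALUP": ("dnsbl.njabl.org", True),
}

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def from_ips(raw):
    """IPs from the "from" half of each Received header, newest hop first."""
    ips = []
    for value in email.message_from_string(raw).get_all("Received", []):
        from_half = re.split(r"\sby\s", value, maxsplit=1)[0]
        match = IP_IN_BRACKETS.search(from_half)
        if match:
            ips.append(match.group(1))
    return ips

def query_name(ip, zone):
    """DNSBL query name: octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def planned_lookups(raw):
    """(rule, query name) pairs; first-hop-exempt rules skip the oldest hop."""
    ips = from_ips(raw)
    plan = []
    for rule, (zone, skip_first) in RULES.items():
        for i, ip in enumerate(ips):
            # The bottom Received header is the originating client (first hop).
            if skip_first and i == len(ips) - 1:
                continue
            plan.append((rule, query_name(ip, zone)))
    return plan

if __name__ == "__main__":
    for rule, name in planned_lookups(RAW):
        print(f"{rule:22} {name}")
```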




