Hi, Ryan. I know just what your problem is. :) You can find my solution posted to the list at http://article.gmane.org/gmane.mail.spam.spamassassin.general/36778/. It's hard to find on Google for some reason. The spamass-milter code in their CVS has since been updated to fix this bug, but they have not yet put out another official release. Since you're the second person to ask about this I'll add it to the SpamAssassin wiki.
Brian -----Original Message----- From: Ryan Thompson [mailto:[EMAIL PROTECTED] Sent: Friday, July 09, 2004 12:06 PM To: [EMAIL PROTECTED] Subject: More DYNABLOCK / trusted_networks OK... So this topic is an oldie, but a goodie. :-) I couldn't find this scenario in the Wiki or Google. System: SA2.63, spamass-milter, sendmail, FreeBSD 4.9 We had a FP reported this morning mostly as the result of a RCVD_IN_DYNABLOCK misfire. Here are the Received: headers as produced by spamassassin -d : >From [EMAIL PROTECTED] Fri Jul 9 09:38:15 2004 Return-Path: <[EMAIL PROTECTED]> Received: from hotmail.com (bay22-dav15.bay22.hotmail.com [64.4.16.195]) by earl.sasknow.net (8.12.9p2/8.12.9) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 8 Jul 2004 21:45:40 -0700 Received: from 64.110.200.117 by bay22-dav15.bay22.hotmail.com with DAV; Fri, 09 Jul 2004 04:45:40 +0000 X-Originating-IP: [64.110.200.117] 64.110.200.117 does indeed belong to a dialup block of a local ISP. However, they did correctly relay through Hotmail. Running this through spamassassin -D -t , I saw (among other things), the following: debug: looking up PTR record for '64.110.200.117' debug: PTR for '64.110.200.117': 'hsdbrg64-110-200-117.sasknet.sk.ca' debug: received-header: parsed as [ ip=64.110.200.117 rdns=hsdbrg64-110-200-117.sasknet.sk.ca helo= by=bay22-dav15.bay22.hotmail.com ident= ] debug: received-header: relay 64.110.200.117 trusted? no debug: all '*From' addrs: [EMAIL PROTECTED] debug: running header regexp tests; score so far=0 debug: running body-text per-line regexp tests; score so far=0.799 debug: bayes corpus size: nspam = 18020, nham = 12410 debug: uri tests: Done uriRE [... snip several debug: tokenize: lines ...] debug: tokenize: header tokens for *r = " 64.110.200 by bay22-dav15.bay22.hotmail.com DAV; " debug: tokenize: header tokens for *r = " 64.110.200 by bay22-dav15.bay22.hotmail.com DAV; mail pickup service by hotmail.com Microsoft SMTPSVC; " debug: time cannot be parsed: from hotmail.com (bay22-dav15.bay22.hotmail.com [64.4.16.195]) by earl.sasknow.net (8.12.9p2/8.12.9) The last line, there, caused me to think that the top Received: header was being ignored. earl.sasknow.net is our spam filter server, and it's in trusted_networks, too. We're using spamass-milter, and that's not the real Received: header that ends up in the final message. (The real one eventually contains the date, ESMTP ID, and some envelope information). Then, I manually appended a date to the top Received: header. The "time cannot be parsed" disappeared from the debug output, and the DYNABLOCK test (correctly) did not hit. Does anyone know offhand at what point that temporary Received: header is being added? I guess it needs some modification. - Ryan -- Ryan Thompson <[EMAIL PROTECTED]> SaskNow Technologies - http://www.sasknow.com 901-1st Avenue North - Saskatoon, SK - S7K 1Y4 Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America
