Matt Kettler writes:
> [EMAIL PROTECTED] wrote:
> > I'm using SpamAssassin version 3.1.0 with default options, and have
> > run into a serious false positive problem. When I receive mail from
> > one of my correspondents, I get Received: lines like this one:
> >
> > Received: from adsl-71-133-227-154.dsl.pltn13.pacbell.net
> > (71.133.227.154) (HELO genstor.com)
> > (TLSv1/SSLv3 DHE-RSA-AES256-SHA 256/256)
> > by scs.stanford.edu with SMTP;
> > for [EMAIL PROTECTED];
> > Wed, 07 Dec 2005 14:39:46 -0800 (PST)
> >
> > That line alone is enough to flag a message as spam. It hits 3
> > different rules:
> >
> > 2.7 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP)
> > 3.3 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
> > 3.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr 1)
> >
> > While I agree that maybe mail received from a DSL line like the above
> > should get a few points, it seems unreasonable to push it so far above
> > the default 5-point threshold--particularly when nothing else in the
> > message hit any rules.
> >
> > A friend has suggested this may be a bug in the way that SpamAssassin
> > parses the Received header. Is this, in fact, a bug in SpamAssassin?
> > Or is my SMTP server generating Received: headers using an
> > incorrect format? (I don't see anything prohibiting that format in
> > RFC 2822.)
>
> No, I think this is outright ordinary. You directly got the mail from a DSL
> node. Normally the parsing or trust-path problems would cause these rules to
> fire for all DSL nodes, including those relayed through the ISP mailserver.
>
> In general SA (and most of the civilized world) assumes your server should
> never directly receive mail *directly* from a "home user" type system, and
> those should be relayed through the ISP servers.

Actually, there may be a problem; it looks like SpamAssassin is treating
"adsl-71-133-227-154.dsl.pltn13.pacbell.net" as the HELO string, instead of
'genstor.com'.

--j.

> Some questions:
>
> If it is a dynamic-ip home user, why aren't they using pacbell's SMTP server?
>
> If it's a static-IP business user, why haven't they asked pacbell to set their
> RDNS? Why have they left it the generic "nobody has really set this up for use
> as a server site" values?
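To make the suspected mix-up concrete, here is an added example (not code from this thread or from SpamAssassin) that parses the "from <rdns> (<ip>) (HELO <helo>)" clause of the header quoted above and runs a simplified dynamic-hostname heuristic against both the reverse-DNS name and the HELO name. The heuristic is a stand-in for the idea behind the HELO_DYNAMIC_* rules, not their real logic, and the recipient address in the sample is a constructed placeholder.

```python
import re
from typing import Optional

# Constructed sample: the Received header from the message above, unfolded
# onto one line, with the recipient replaced by a placeholder address.
SAMPLE_RECEIVED = (
    "from adsl-71-133-227-154.dsl.pltn13.pacbell.net (71.133.227.154) "
    "(HELO genstor.com) (TLSv1/SSLv3 DHE-RSA-AES256-SHA 256/256) "
    "by scs.stanford.edu with SMTP; for user@example.org; "
    "Wed, 07 Dec 2005 14:39:46 -0800 (PST)"
)

# Clause shape used by the header above: "from <rdns> (<ip>) (HELO <helo>)".
_RECEIVED_RE = re.compile(
    r"^from\s+(?P<rdns>\S+)\s+\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)"
    r"\s+\(HELO\s+(?P<helo>[^)\s]+)\)",
    re.IGNORECASE,
)

def parse_received(header: str) -> Optional[dict]:
    """Return {'rdns', 'ip', 'helo'} for a header of the shape above, else None."""
    m = _RECEIVED_RE.match(header.strip())
    return m.groupdict() if m else None

def looks_dynamic(hostname: str, ip: str) -> bool:
    """Simplified stand-in for a dynamic-hostname check (hypothetical, not
    SpamAssassin's rules): the name embeds the connecting IP, dotted or
    dashed, or carries a typical consumer-line label such as adsl/dhcp."""
    h = hostname.lower()
    octets = ip.split(".")
    embeds_ip = ".".join(octets) in h or "-".join(octets) in h
    consumer_label = re.search(
        r"(^|[.-])(adsl|dsl|dhcp|dyn|ppp|cable)([.-]|$)", h) is not None
    return embeds_ip or consumer_label

def assess(header: str) -> dict:
    """Run the check against the HELO name (correct) and the rDNS name
    (what fires if the parser confuses the two fields)."""
    parts = parse_received(header)
    if parts is None:
        raise ValueError("unrecognised Received format")
    return {
        "helo": parts["helo"],
        "rdns": parts["rdns"],
        "helo_dynamic": looks_dynamic(parts["helo"], parts["ip"]),
        "rdns_dynamic": looks_dynamic(parts["rdns"], parts["ip"]),
    }

if __name__ == "__main__":
    print(assess(SAMPLE_RECEIVED))
```

For the quoted header the HELO name comes out clean while the rDNS name trips the heuristic, which is the pattern you would expect if the three HELO_DYNAMIC rules were being scored against the wrong field.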
