Hi!
SpamAssassin version 3.1.3 is reporting a false positive if the
sender (gmx address) has a dialup connection and the recipient (also
gmx address) uses fetchmail to pull the message from pop.gmx.net
(see example below). The HELO_DYNAMIC rules apply because mail.gmx.net
does not add authentication tokens to the Received header, and because
mail.gmx.net does not relay the message.
Is there a way to tell SA that I'm positive about mail.gmx.net to
only allow authenticated connections, similar to trusted_networks?
Adding mail.gmx.net to trusted_networks does not help.
Or have I missed the point of HELO_DYNAMICs?
Cheers
Raimar Sandner
=================================== example
[9097] dbg: dns: is DNS available? 1
[9097] dbg: received-header: found fetchmail marker outside trusted area,
ignored
[9097] dbg: dns: looking up PTR record for '84.56.243.215'
[9097] dbg: dns: PTR for '84.56.243.215':
'dslb-084-056-243-215.pools.arcor-ip.net'
[9097] dbg: received-header: parsed as [ ip=84.56.243.215
rdns=dslb-084-056-243-215.pools.arcor-ip.net
helo=dslb-084-056-243-215.pools.arcor-ip.net by=mail.gmx.net ident= envfrom=
intl=0 id= auth= ]
[9097] dbg: received-header: relay 84.56.243.215 trusted? no internal? no
[9097] dbg: metadata: X-Spam-Relays-Trusted:
[9097] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=84.56.243.215
rdns=dslb-084-056-243-215.pools.arcor-ip.net
helo=dslb-084-056-243-215.pools.arcor-ip.net by=mail.gmx.net ident= envfrom=
intl=0 id= auth= ]
[9097] dbg: metadata: X-Spam-Relays-Internal:
[9097] dbg: metadata: X-Spam-Relays-External: [ ip=84.56.243.215
rdns=dslb-084-056-243-215.pools.arcor-ip.net
helo=dslb-084-056-243-215.pools.arcor-ip.net by=mail.gmx.net ident= envfrom=
intl=0 id= auth= ]
<snip>
[9097] dbg: check: is spam? score=7.755 required=5.0
[9097] dbg: check:
tests=BAYES_00,HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,RCVD_IN_NJABL_DUL,SPF_FAIL
[9097] dbg: check:
subtests=__CD,__CT,__CTYPE_HAS_BOUNDARY,__ENV_AND_HDR_FROM_MATCH,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__MIME_VERSION,__MSGID_OK_DIGITS,__NONEMPTY_BODY,__RCVD_IN_NJABL,__SANE_MSGID,__SARE_BODY_BLANKS_5_100,__SARE_BODY_BLNK_5_100,__SARE_HEAD_HDR_XGMXAV,__SARE_HEAD_MIME_VALID,__SARE_HEAD_RECV_GMX,__SARE_WHITELIST_FLAG,__TOCC_EXISTS,__USER_AGENT
Content analysis details: (7.8 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 4.2 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP addr
                            1)
 3.1 HELO_DYNAMIC_DHCP      Relay HELO'd using suspicious hostname (DHCP)
 1.1 SPF_FAIL               SPF: sender does not match SPF record (fail)
                            [SPF failed: Please see
                            http://www.openspf.org/why.html?sender=...%40gmx.de&ip=84.56.243.215&receiver=localhost]
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0000]
 1.9 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                            [84.56.243.215 listed in combined.njabl.org]
Return-Path: <[EMAIL PROTECTED]>
X-Flags: 0000
Delivered-To: GMX delivery to [EMAIL PROTECTED]
Received: from pop.gmx.net [213.165.64.22]
by localhost with POP3 (fetchmail-6.3.4)
for <[EMAIL PROTECTED]> (single-drop); Thu, 06 Jul 2006 00:03:40 +0200
(CEST)
Received: (qmail invoked by alias); 05 Jul 2006 22:03:21 -0000
Received: from dslb-084-056-243-215.pools.arcor-ip.net (EHLO localhost)
[84.56.243.215]
by mail.gmx.net (mp039) with SMTP; 06 Jul 2006 00:03:21 +0200
X-Authenticated: #3609755
Date: Thu, 6 Jul 2006 00:03:12 +0200
From: Raimar Sandner <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Test
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="nFreZHaLTZJo0R7j"
Content-Disposition: inline
User-Agent: Mutt/1.5.11
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: -2 (not scanned, spam filter disabled)
X-GMX-UID: TEbFK1cPMydyFcxBXWpl/+5raGRhZtpE
=================================== end example
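
Added example (not part of the original post and not SpamAssassin's own code): a small Python sketch that parses the X-Spam-Relays-Untrusted entry from the debug output above and shows why the hop handed to mail.gmx.net looks like an unauthenticated dynamic client. The HELO check is a simplified heuristic, the "first untrusted relay only" behaviour is an assumption, and the auth=ESMTPA variant is constructed for comparison.

```python
import re

# Relay entry taken from the debug output above (wrapped lines joined).
PAGE_RELAY = ("[ ip=84.56.243.215 rdns=dslb-084-056-243-215.pools.arcor-ip.net "
              "helo=dslb-084-056-243-215.pools.arcor-ip.net by=mail.gmx.net "
              "ident= envfrom= intl=0 id= auth= ]")
# Constructed variant: the same hop if the receiving server had recorded
# an authentication token in its Received header.
CONSTRUCTED_AUTHED = PAGE_RELAY.replace("auth= ]", "auth=ESMTPA ]")


def parse_relays(metadata):
    """Split an X-Spam-Relays-* value into one dict per '[ ... ]' entry."""
    relays = []
    for entry in re.findall(r"\[([^\]]*)\]", metadata):
        # key=value pairs are space separated; a value may be empty.
        relays.append(dict(re.findall(r"(\w+)=(\S*)", entry)))
    return relays


def helo_embeds_ip(relay):
    """Simplified heuristic (assumption, not the real rule regex):
    the HELO name contains the relay's four IPv4 octets in order."""
    ip = relay.get("ip", "")
    if not re.fullmatch(r"\d+(\.\d+){3}", ip):
        return False
    octets = [int(o) for o in ip.split(".")]
    nums = [int(n) for n in re.findall(r"\d+", relay.get("helo", ""))]
    return any(nums[i:i + 4] == octets for i in range(len(nums) - 3))


def dynamic_helo_suspect(metadata):
    """True if the first untrusted relay has a dynamic-looking HELO and
    an empty auth= field (assumed to be the only relay the rules inspect)."""
    relays = parse_relays(metadata)
    if not relays:
        return False
    first = relays[0]
    return first.get("auth", "") == "" and helo_embeds_ip(first)


if __name__ == "__main__":
    print("as logged:        ", dynamic_helo_suspect(PAGE_RELAY))
    print("with auth token:  ", dynamic_helo_suspect(CONSTRUCTED_AUTHED))
```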