Hi!

SpamAssassin version 3.1.3 is reporting a false positive if the sender (gmx address) has a dialup connection and the recipient (also gmx address) uses fetchmail to pull the message from pop.gmx.net (see example below). The HELO_DYNAMIC rules apply because mail.gmx.net does not add authentication tokens to the received header, and because mail.gmx.net does not relay the message.
Is there a way to tell SA that I'm positive about mail.gmx.net to only allow authenticated connections, similar to trusted_networks? Adding mail.gmx.net to trusted_networks does not help. Or have I missed the point of HELO_DYNAMICs?

Cheers
Raimar Sandner

=================================== example
[9097] dbg: dns: is DNS available? 1
[9097] dbg: received-header: found fetchmail marker outside trusted area, ignored
[9097] dbg: dns: looking up PTR record for '84.56.243.215'
[9097] dbg: dns: PTR for '84.56.243.215': 'dslb-084-056-243-215.pools.arcor-ip.net'
[9097] dbg: received-header: parsed as [ ip=84.56.243.215 rdns=dslb-084-056-243-215.pools.arcor-ip.net helo=dslb-084-056-243-215.pools.arcor-ip.net by=mail.gmx.net ident= envfrom= intl=0 id= auth= ]
[9097] dbg: received-header: relay 84.56.243.215 trusted? no internal? no
[9097] dbg: metadata: X-Spam-Relays-Trusted:
[9097] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=84.56.243.215 rdns=dslb-084-056-243-215.pools.arcor-ip.net helo=dslb-084-056-243-215.pools.arcor-ip.net by=mail.gmx.net ident= envfrom= intl=0 id= auth= ]
[9097] dbg: metadata: X-Spam-Relays-Internal:
[9097] dbg: metadata: X-Spam-Relays-External: [ ip=84.56.243.215 rdns=dslb-084-056-243-215.pools.arcor-ip.net helo=dslb-084-056-243-215.pools.arcor-ip.net by=mail.gmx.net ident= envfrom= intl=0 id= auth= ]
<snip>
[9097] dbg: check: is spam? score=7.755 required=5.0
[9097] dbg: check: tests=BAYES_00,HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,RCVD_IN_NJABL_DUL,SPF_FAIL
[9097] dbg: check: subtests=__CD,__CT,__CTYPE_HAS_BOUNDARY,__ENV_AND_HDR_FROM_MATCH,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__MIME_VERSION,__MSGID_OK_DIGITS,__NONEMPTY_BODY,__RCVD_IN_NJABL,__SANE_MSGID,__SARE_BODY_BLANKS_5_100,__SARE_BODY_BLNK_5_100,__SARE_HEAD_HDR_XGMXAV,__SARE_HEAD_MIME_VALID,__SARE_HEAD_RECV_GMX,__SARE_WHITELIST_FLAG,__TOCC_EXISTS,__USER_AGENT

Content analysis details:   (7.8 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 4.2 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP addr 1)
 3.1 HELO_DYNAMIC_DHCP      Relay HELO'd using suspicious hostname (DHCP)
 1.1 SPF_FAIL               SPF: sender does not match SPF record (fail)
                            [SPF failed: Please see http://www.openspf.org/why.html?sender=...%40gmx.de&ip=84.56.243.215&receiver=localhost]
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0000]
 1.9 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                            [84.56.243.215 listed in combined.njabl.org]

Return-Path: <[EMAIL PROTECTED]>
X-Flags: 0000
Delivered-To: GMX delivery to [EMAIL PROTECTED]
Received: from pop.gmx.net [213.165.64.22]
    by localhost with POP3 (fetchmail-6.3.4)
    for <[EMAIL PROTECTED]> (single-drop); Thu, 06 Jul 2006 00:03:40 +0200 (CEST)
Received: (qmail invoked by alias); 05 Jul 2006 22:03:21 -0000
Received: from dslb-084-056-243-215.pools.arcor-ip.net (EHLO localhost) [84.56.243.215]
    by mail.gmx.net (mp039) with SMTP; 06 Jul 2006 00:03:21 +0200
X-Authenticated: #3609755
Date: Thu, 6 Jul 2006 00:03:12 +0200
From: Raimar Sandner <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Test
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
    protocol="application/pgp-signature"; boundary="nFreZHaLTZJo0R7j"
Content-Disposition: inline
User-Agent: Mutt/1.5.11
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: -2 (not scanned, spam filter disabled)
X-GMX-UID: TEbFK1cPMydyFcxBXWpl/+5raGRhZtpE
=================================== end example
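
A small parser for the relay metadata format shown in the debug output above, added here as an illustration; it is not part of the original message and not SpamAssassin's own code. It reports, per untrusted relay, whether an auth token was recorded and whether the HELO name embeds the connecting IP; the function names and the `helo_embeds_ip` heuristic are assumptions, a simplified stand-in for the real HELO_DYNAMIC rules.

```python
import re

# Constructed sample: the X-Spam-Relays-Untrusted value copied from the
# debug output in the message above.
RELAYS_UNTRUSTED = (
    "[ ip=84.56.243.215 rdns=dslb-084-056-243-215.pools.arcor-ip.net "
    "helo=dslb-084-056-243-215.pools.arcor-ip.net by=mail.gmx.net "
    "ident= envfrom= intl=0 id= auth= ]"
)

def parse_relays(metadata):
    """Split X-Spam-Relays-* metadata into one dict per '[ ... ]' entry."""
    relays = []
    for entry in re.findall(r"\[([^\]]*)\]", metadata):
        fields = {}
        for token in entry.split():
            key, _, value = token.partition("=")
            fields[key] = value  # empty string when the field is blank
        relays.append(fields)
    return relays

def helo_embeds_ip(relay):
    """Assumed heuristic, NOT SpamAssassin's regexes: true when the four
    octets of the connecting IP appear, in order, as consecutive numbers
    in the HELO name (typical of dial-up/DSL pool hostnames)."""
    octets = relay.get("ip", "").split(".")
    if len(octets) != 4 or not all(o.isdigit() for o in octets):
        return False
    wanted = [int(o) for o in octets]
    numbers = [int(n) for n in re.findall(r"\d+", relay.get("helo", ""))]
    return any(numbers[i:i + 4] == wanted for i in range(len(numbers) - 3))

def explain(metadata):
    """Summarise why HELO-based checks would be evaluated for each relay."""
    return [
        {
            "ip": r.get("ip"),
            "by": r.get("by"),
            "authenticated": bool(r.get("auth")),
            "dynamic_looking_helo": helo_embeds_ip(r),
        }
        for r in parse_relays(metadata)
    ]
```

For the message above, `explain(RELAYS_UNTRUSTED)` shows one relay handed to mail.gmx.net with an empty `auth=` field and a HELO that embeds 84.56.243.215, which is the combination the post describes.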