The cluster with which I am facing the problem is a different one.

The node for which I am getting high spam score has the following details:

cloudemail5.cpgtest.ostinet.net (184.72.247.145)

Can you please explain now?

Thanks
Ashish

-----Original Message-----
From: Joe Sniderman [mailto:joseph.snider...@thoroquel.org] 
Sent: Wednesday, February 08, 2012 10:53 PM
To: users@spamassassin.apache.org
Subject: Re: Getting high spam score for email server hosted on AWS instance

On 02/08/2012 08:57 AM, Michael Scheidell wrote:
> On 2/8/12 6:41 AM, Sharma, Ashish wrote:
>> Hi,
>>
>> I have a mail server setup on an AWS instance.
>>
>> When I am sending mails via this setup to a test spamassassin setup
>> that acts as an email receiver server, I am getting high spam scores
>> as follows:
>>
>> [FROM_LOCAL_HEX=0.331, HTML_IMAGE_ONLY_24=1.282,  HTML_MESSAGE=0.001,
>> RCVD_ILLEGAL_IP=3.399, T_REMOTE_IMAGE=0.01, T_RP_MATCHES_RCVD=-0.01]
>> autolearn=no
>>
>>
>> As can be seen, the highest contributor is "RCVD_ILLEGAL_IP=3.399"
> no, since the ip address in question is, by definition, an unroutable
> ip, and should never be seen in a received list
> (I am just guessing:
> 
> Received: from G9W0725.americas.hpqcorp.net ([169.254.8.28]) by

That should not be a problem in and of itself...

169.254.0.0/16 is intended for link-local.. (see RFCs 5735 and 3330)

It might or might not be less than ideal to use addresses in
169.254.0.0/16 for the communication between one machine and a smarthost
on a LAN, but far from illegal.

169.254.0.0/16 is also notably *not* mentioned in the wiki for
RCVD_ILLEGAL_IP:

http://wiki.apache.org/spamassassin/Rules/RCVD_ILLEGAL_IP

All that said, RCVD_ILLEGAL_IP _used to_ hit on IPs 169.254.0.0/16, but
AFAIK that changed with 3.3.

See also:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6460

And:
http://svn.apache.org/viewvc/spamassassin/branches/3.3/rules/20_head_tests.cf?view=markup#l423

# must keep it in sync with http://www.iana.org/assignments/ipv4-address-space/
header RCVD_ILLEGAL_IP X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?=\d+\.\d+\.\d+\.\d+ )(?:0|2(?:2[4-9]|[3-5]\d)|192\.0\.2|198\.51\.100|203\.0\.113)\./
describe RCVD_ILLEGAL_IP Received: contains illegal IP address

IOW, 196.254.0.0/16 no longer matches as of 3.3

> You have a microsoft cluster, where microsoft thought it would be a good
> idea to use 169.254.0.0/16 ip addresses?)

It's really not that horrible an idea..

> Bring this up with microsoft, have them 'fix' this.

Or better yet, the OP should bring it up with whoever is running the
test spamassassin instance and get them to upgrade it.

-- 
Joe Sniderman <joseph.snider...@thoroquel.org>
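
Added example (not part of the original thread, and not SpamAssassin's own code): the 3.3 rule body quoted above, run in Python against constructed X-Spam-Relays-Untrusted entries to show which addresses it still flags. The entry layout, the host names and every sample address other than 169.254.8.28 and 184.72.247.145 are assumptions made for the test.

```python
import ipaddress
import re

# Regex body of the 3.3 RCVD_ILLEGAL_IP rule as quoted in the message above.
RCVD_ILLEGAL_IP = re.compile(
    r" (?:by|ip)=(?=\d+\.\d+\.\d+\.\d+ )"
    r"(?:0|2(?:2[4-9]|[3-5]\d)|192\.0\.2|198\.51\.100|203\.0\.113)\."
)


def relay_entry(ip, by="mx.example.test"):
    """Build one constructed relay entry (field layout is an assumption)."""
    return (f"[ ip={ip} rdns= helo=sender.example.test by={by} "
            "ident= envfrom= intl=0 id= auth= msa=0 ]")


def hits_rule(relays):
    """True if the rule would fire on this relay metadata string."""
    return RCVD_ILLEGAL_IP.search(relays) is not None


def audit(ips):
    """Map each address to (rule fires, address is link-local)."""
    return {
        ip: (hits_rule(relay_entry(ip)),
             ipaddress.ip_address(ip).is_link_local)
        for ip in ips
    }


# Constructed sample addresses, plus the two that appear in the thread.
SAMPLES = [
    "169.254.8.28",     # link-local hop quoted in the thread
    "184.72.247.145",   # the poster's AWS node
    "0.1.2.3",          # 0.0.0.0/8
    "224.0.0.5",        # multicast
    "255.255.255.255",  # top of the 224-255 range
    "192.0.2.10",       # TEST-NET-1
    "198.51.100.7",     # TEST-NET-2
    "203.0.113.9",      # TEST-NET-3
    "192.0.20.10",      # near miss: not inside 192.0.2.0/24
]

if __name__ == "__main__":
    for ip, (fires, link_local) in audit(SAMPLES).items():
        print(f"{ip:<16} fires={fires!s:<5} link_local={link_local}")
```
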
