Hi! A few days ago I replaced AWL with TxRep. From time to time I get unusually high scores caused by TxRep since then.
So I started debugging the TxRep plugin a bit. The high scores are caused by "HELO: localhost" after sa-learn of a spam mailbox.

In check_senders_reputation() line 1252 reads:

    foreach my $rly ( @{$pms->{relays_trusted}}, @{$pms->{relays_untrusted}} ) {

Thus every relay parsed from Received headers is used. This leads to $helo = 'localhost' (line 1256) if there is no from in a Received header.

Please see the attached log for details. Please note that the high scores don't show up in this example. Don't get confused... ;-)

I don't get why TxRep evaluates every relay in line 1252 and following. Shouldn't it just use the latest relay?

Best regards
Franz

$rly = {'as_string' => '[ ip=209.85.212.175 rdns=mail-wi0-f175.google.com helo=mail-wi0-f175.google.com by=mx1.domain.com ident= envfrom=ale...@price2spy.com intl=0 id=t5HJ97If029681 auth= msa=0 ]','lc_rdns' => 'mail-wi0-f175.google.com','rdns' => 'mail-wi0-f175.google.com','ip' => '209.85.212.175','lc_by' => 'mx1.domain.com','envfrom' => 'ale...@price2spy.com','ip_private' => '','ident' => '','id' => 't5HJ97If029681','helo' => 'mail-wi0-f175.google.com','internal' => 0,'auth' => '','lc_helo' => 'mail-wi0-f175.google.com','by' => 'mx1.domain.com','msa' => 0};
$helo = 'mail-wi0-f175.google.com';
$rly = {'by' => 'mx.google.com','lc_helo' => 'localhost','auth' => 'ESMTPSA','internal' => 0,'no_reverse_dns' => 1,'envfrom' => '','ip_private' => '','lc_by' => 'mx.google.com','as_string' => '[ ip=188.95.50.54 rdns= helo=localhost by=mx.google.com ident= envfrom= intl=0 id=ka7sm8287084wjc.36.2015.06.17.12.09.06 auth=ESMTPSA msa=0 ]','rdns' => '','msa' => 0,'id' => 'ka7sm8287084wjc.36.2015.06.17.12.09.06','helo' => 'localhost','ident' => '','ip' => '188.95.50.54','lc_rdns' => ''};
$helo = 'localhost';
TxRep: reputation: none, count: 0, weight: 1.0, delta: 0.000, MSG_ID: 6299928cd975ec60a0c99da65600c69b1184f902@sa_generated
TxRep: active, 6299928cd975ec60a0c99da65600c69b1184f902@sa_generated pre-score: -1.885, autolearn score: 0.397, IP: 188.95.50.54, address: ale...@price2spy.com (unsigned)
TxRep: reputation: 0.396, count: 1, weight: 10.0, delta: -0.001, EMAIL_IP: ale...@price2spy.com
$rly = {'id' => 't5HJ97nj029682','helo' => 'mail-wi0-f176.google.com','auth' => '','internal' => 0,'ident' => '','by' => 'mx1.domain.com','msa' => 0,'lc_helo' => 'mail-wi0-f176.google.com','lc_by' => 'mx1.domain.com','ip' => '209.85.212.176','as_string' => '[ ip=209.85.212.176 rdns=mail-wi0-f176.google.com helo=mail-wi0-f176.google.com by=mx1.domain.com ident= envfrom=ale...@price2spy.com intl=0 id=t5HJ97nj029682 auth= msa=0 ]','lc_rdns' => 'mail-wi0-f176.google.com','rdns' => 'mail-wi0-f176.google.com','envfrom' => 'ale...@price2spy.com','ip_private' => ''};
$helo = 'mail-wi0-f176.google.com';
$rly = {'no_reverse_dns' => 1,'envfrom' => '','ip_private' => '','lc_by' => 'mx.google.com','as_string' => '[ ip=188.95.50.54 rdns= helo=localhost by=mx.google.com ident= envfrom= intl=0 id=ka7sm8287084wjc.36.2015.06.17.12.09.06 auth=ESMTPSA msa=0 ]','rdns' => '','by' => 'mx.google.com','lc_helo' => 'localhost','auth' => 'ESMTPSA','internal' => 0,'ip' => '188.95.50.54','lc_rdns' => '','msa' => 0,'id' => 'ka7sm8287084wjc.36.2015.06.17.12.09.06','helo' => 'localhost','ident' => ''};
$helo = 'localhost';
TxRep: reputation: none, count: 0, weight: 1.0, delta: 0.000, MSG_ID: 6299928cd975ec60a0c99da65600c69b1184f902@sa_generated
TxRep: active, 6299928cd975ec60a0c99da65600c69b1184f902@sa_generated pre-score: -1.885, autolearn score: 0.397, IP: 188.95.50.54, address: ale...@price2spy.com (unsigned)
TxRep: reputation: 0.396, count: 1, weight: 10.0, delta: -0.001, EMAIL_IP: ale...@price2spy.com
TxRep: reputation: 0.396, count: 1, weight: 2.0, delta: -0.001, DOMAIN: price2spy.com
TxRep: reputation: 0.397, count: 1, weight: 2.0, delta: 0.000, DOMAIN: price2spy.com
TxRep: reputation: 0.396, count: 1, weight: 0.5, delta: -0.001, HELO: localhost
TxRep: reputation: 0.397, count: 1, weight: 0.5, delta: 0.000, HELO: localhost
TxRep: reputation: 0.396, count: 1, weight: 3.0, delta: -0.001, EMAIL: ale...@price2spy.com
TxRep: reputation: 0.397, count: 1, weight: 3.0, delta: 0.000, EMAIL: ale...@price2spy.com
TxRep: reputation: 0.396, count: 1, weight: 4.0, delta: -0.001, IP: 188.95.50.54
TxRep: reputation: 0.397, count: 1, weight: 4.0, delta: 0.000, IP: 188.95.50.54
TxRep: got_hit: -0.000
TxRep: post-TxRep score: -1.885
TxRep: reputation: none, count: 0, weight: 1.0, delta: 0.000, MSG_ID: 6299928cd975ec60a0c99da65600c69b1184f902@sa_generated
TxRep: got_hit: -0.000
TxRep: post-TxRep score: -1.885
TxRep: reputation: 0.397, count: 1, weight: 1.0, delta: 0.397, MSG_ID: 6299928cd975ec60a0c99da65600c69b1184f902@sa_generated
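
The difference the message asks about, as an added example that is not part of the original post and is not TxRep's code: a standalone Perl script that runs the quoted loop shape over the two relays from the log and compares it with looking only at the newest relay. The $pms stand-in, both sub names, the placement of both relays in relays_untrusted, and the "last assignment wins" behaviour (taken from the $helo lines in the log) are assumptions.

```perl
#!/usr/bin/perl
# Added illustration, not TxRep source. Relay data is constructed from the
# two relay entries in the log above, reduced to the fields used here.
use strict;
use warnings;

# Hypothetical stand-in for the $pms object; newest relay first, as logged.
# Assumption: both relays are untrusted (the log shows internal => 0 only).
my $pms = {
    relays_trusted   => [],
    relays_untrusted => [
        { ip => '209.85.212.175', helo => 'mail-wi0-f175.google.com',
          by => 'mx1.domain.com', auth => '' },
        { ip => '188.95.50.54',   helo => 'localhost',
          by => 'mx.google.com',  auth => 'ESMTPSA' },
    ],
};

# Loop shape quoted in the post: every parsed relay is visited, so the HELO
# of an older hop replaces the HELO of the host that delivered to us.
sub helos_all_relays {
    my ($pms) = @_;
    my @seen;
    foreach my $rly ( @{$pms->{relays_trusted}}, @{$pms->{relays_untrusted}} ) {
        next unless defined $rly->{helo} && length $rly->{helo};
        push @seen, $rly->{helo};
    }
    return @seen;
}

# Alternative raised in the post: use only the latest (first listed) relay.
sub helo_latest_relay {
    my ($pms) = @_;
    my $rly = $pms->{relays_untrusted}[0] or return;
    return $rly->{helo};
}

my @all = helos_all_relays($pms);
print "HELO values visited:  @all\n";
print "last one assigned:    $all[-1]\n";
print "latest relay only:    ", helo_latest_relay($pms) // '(none)', "\n";
```

With the all-relays loop, the HELO that ends up keyed in the reputation store comes from a Received header written by a host outside the local mail system, so unrelated senders whose first hop announced "localhost" share one HELO entry.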