Rob Tanner wrote:
Hi,
We are having problems sending email to a particular site on the
internet that uses SpamAssassin to filter for spam. They send me back
the headers on a particular message and here is the spam portion:
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.0 (2007-05-01) on
microthunder.com
X-Spam-Level: ****
X-Spam-Status: Yes, score=4.4 required=4.0 tests=HTML_MESSAGE,
MIME_QP_LONG_LINE,RCVD_NUMERIC_HELO autolearn=no version=3.2.0
X-Spam-Report: * 2.6 RCVD_NUMERIC_HELO Received: contains an IP
address used for HELO * 0.0 HTML_MESSAGE BODY: HTML included in message
* 1.8 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
What I don’t get is the first test in the X-Spam-Report header which
received a 2.6. Does postfix strictly send the IP address on the
HELO/EHLO? If so, what parameter to I need to set to $myhostname? Or,
am I entirely misunderstanding what that test tests for?
Thanks.
--
*Rob Tanner
*UNIX Services Manager
Linfield College, McMinnville Oregon
503-883-2558
Where postfix gets the HELO name used:
http://www.postfix.org/postconf.5.html#smtp_helo_name
http://www.postfix.org/postconf.5.html#myhostname
I'm going to rashly assume the problem is with the same server
you used to send mail to the list, so the rest of this message
could be totally irrelevant ...
Looking at the headers of the message you sent to the list:
Received: from neskowin.linfield.edu (neskowin.linfield.edu
[192.147.171.21])
by russian-caravan.cloud9.net (Postfix) with SMTP id 55D0AFD9F3
for <postfix-users@postfix.org>; Wed, 4 Mar 2009 14:33:37
-0500 (EST)
Received: from neskowin.linfield.edu (localhost.localdomain
[127.0.0.1])
by linfield.edu (Postfix) with SMTP id 596B158120
for <postfix-users@postfix.org>; Wed, 4 Mar 2009 11:33:36
-0800 (PST)
Received: from exchangedb.wfo.linfield.edu
(exchangedb.wfo.linfield.edu [10.170.131.27])
by neskowin.linfield.edu (Postfix) with ESMTP id 410365811C
for <postfix-users@postfix.org>; Wed, 4 Mar 2009 11:33:36
-0800 (PST)
Received: from 10.219.255.241 ([10.219.255.241]) by
exchangedb.wfo.linfield.edu ([10.170.131.27]) via Exchange
Front-End Server exchange.linfield.edu ([10.170.131.28]) with
Microsoft Exchange Server HTTP-DAV ;
Wed, 4 Mar 2009 19:33:36 +0000
the only numeric HELO I see is from the originating client.
IMHO SpamAssassin should not be applying this test to all
headers, only the topmost "trusted" header. Next wild guess
is that the recipient server has misconfigured SA.
You can "fix" this with a header_checks rule to either REWRITE
the offending header to "X-Received:..." or just IGNORE
(remove) it.
-- Noel Jones
