Recently the behavior of spamass-milter or the underlying SpamAssassin has 
changed such that the originating IP for secured submission email is being 
tagged for PBL/Dynamic scores. This doesn't happen often, but since all mail is 
only accepted via TLSv1.2 this should not be happening.

The trouble is, it is happening so rarely I'm having trouble testing and trying 
to fix it.

root       793   0.0  0.8  94396  29272  -  Ss   21Oct20     0:18.07 
/usr/local/sbin/spamass-milter -f -p /var/run/spamass-milter.sock -u spamd -r 
10 -i 65.121.55.40/29 -i 127.0.0.1 -e covisp.net
root      5892   0.0  2.0  76688  69996  -  Ss   01:19       0:03.90 
/usr/local/bin/perl -T -w /usr/local/bin/spamd -u spamd -c -H /var/spool/spamd 
-d -r /var/run/spamd/spamd.pid

I think I've seen three mails in the last 10 days have this issue.

So, what do I need to do to return to previous behavior where the originating IP 
is not checked for dynamic/PBL when it's an authenticated submission?

The received header looks like this:

Received: from [10.0.0.11] (*dynamic-ip*.hsd1.co.comcast.net [ho.me.ip])
        by mail.covisp.net(Postfix 3.5.7/8.13.0) with SMTP id 4CMRTV2XHxz36hvr;
        Thu, 29 Oct 2020 07:42:54 -0600
        (envelope-from <krem...@kreme.com>)

Logs:
postfix/smtps/smtpd[69044] 4CMRTV2XHxz36hvr: 
client=*dynamic-ip*.hsd1.co.comcast.net[ho.me.ip], sasl_method=PLAIN, 
sasl_username=krem...@kreme.com
postfix/smtps/smtpd[69044] 4CMRTV2XHxz36hvr: permit: RCPT from 
*dynamic-ip*.hsd1.co.comcast.net[ho.me.ip]: action=permit_sasl_authenticated 
for Client host=*dynamic-ip*.hsd1.co.comcast.net[ho.me.ip] ; 
from=<krem...@kreme.com> to=<*user*@gmail.com> proto=ESMTP helo=<[10.0.0.11]>
postfix/smtps/smtpd[69044] 4CMRTV2XHxz36hvr: permit: RCPT from 
*dynamic-ip*.hsd1.co.comcast.net[ho.me.ip]: action=permit_sasl_authenticated 
for Client host=*dynamic-ip*.hsd1.co.comcast.net[ho.me.ip] ; 
from=<krem...@kreme.com> to=<*user*@gmail.com> proto=ESMTP helo=<[10.0.0.11]>
postfix/smtps/smtpd[69044] 4CMRTV2XHxz36hvr: permit: RCPT from 
*dynamic-ip*.hsd1.co.comcast.net[ho.me.ip]: action=permit_sasl_authenticated 
for Client host=*dynamic-ip*.hsd1.co.comcast.net[ho.me.ip] ; 
from=<krem...@kreme.com> to=<*user*@gmail.com> proto=ESMTP helo=<[10.0.0.11]>
postfix/cleanup[68900] 4CMRTV2XHxz36hvr: 
message-id=<696f5b87-f19e-463f-b527-a8ab76fe9...@kreme.com>
postfix/qmgr[41481] 4CMRTV2XHxz36hvr: from=<krem...@kreme.com>, size=3622, 
nrcpt=1 (queue active)
postfix/smtp[69047] 4CMRTV2XHxz36hvr: to=<*user*@gmail.com>, 
relay=gmail-smtp-in.l.google.com[172.217.214.27]:25, delay=1.4, 
delays=0.65/0.01/0.27/0.43, dsn=2.0.0, status=sent (250 2.0.0 OK  1603978975 
t85si2610834ili.161 - gsmtp)
postfix/qmgr[41481] 4CMRTV2XHxz36hvr: removed

-- 
I think it would be fun to run a newspaper.
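
A diagnostic aid for catching the rare cases described above, added here as an example and not part of the original post: it pairs Postfix smtpd log lines that record `sasl_username` with the Received header for the same queue ID, and flags headers whose `with` clause carries no RFC 3848 authentication keyword. The function names, host names, addresses and queue IDs are constructed, and the idea that a missing auth keyword is what the content filter reacts to is an assumption, not something the post confirms.

```python
import re

# Queue ID and client from an smtpd log line, in the format of the excerpt above.
LOG_RE = re.compile(r"smtpd\[\d+\]:?\s+(?P<qid>[0-9A-Za-z]+):\s+client=(?P<client>[^,]+)(?P<rest>.*)")
# The "with <PROTO> id <QID>" clause of a Received header.
WITH_RE = re.compile(r"\bwith\s+(?P<proto>[A-Za-z0-9]+)\s+id\s+(?P<qid>[0-9A-Za-z]+)")
# RFC 3848 protocol keywords that record SMTP AUTH.
AUTH_PROTOS = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}

# Constructed sample data (documentation addresses, made-up queue IDs).
SAMPLE_LOG = [
    "postfix/smtps/smtpd[69044]: QIDAAA111: client=host.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=user@example.org",
    "postfix/smtps/smtpd[69045]: QIDBBB222: client=host.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=user@example.org",
    "postfix/smtpd[69050]: QIDCCC333: client=mx.example.com[198.51.100.7]",
]
SAMPLE_HEADERS = [
    "Received: from [10.0.0.11] (host.example.net [192.0.2.10])\n\tby mail.example.org (Postfix) with SMTP id QIDAAA111;\n\tThu, 29 Oct 2020 07:42:54 -0600",
    "Received: from [10.0.0.11] (host.example.net [192.0.2.10])\n\tby mail.example.org (Postfix) with ESMTPSA id QIDBBB222;\n\tThu, 29 Oct 2020 07:50:02 -0600",
    "Received: from mx.example.com (mx.example.com [198.51.100.7])\n\tby mail.example.org (Postfix) with ESMTP id QIDCCC333;\n\tThu, 29 Oct 2020 08:01:11 -0600",
]


def sasl_sessions(log_lines):
    """Map queue ID -> (client, sasl_username) for sessions that authenticated."""
    sessions = {}
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        user = re.search(r"sasl_username=(\S+)", m.group("rest"))
        if user:
            sessions[m.group("qid")] = (m.group("client"), user.group(1))
    return sessions


def unmarked_authenticated(log_lines, received_headers):
    """Return (qid, proto, user) where the log shows SASL auth but the header does not."""
    sessions = sasl_sessions(log_lines)
    flagged = []
    for hdr in received_headers:
        flat = " ".join(hdr.split())  # unfold continuation lines
        m = WITH_RE.search(flat)
        if not m or m.group("qid") not in sessions:
            continue
        # "Authenticated sender" is the comment Postfix adds when
        # smtpd_sasl_authenticated_header = yes.
        if m.group("proto").upper() not in AUTH_PROTOS and "Authenticated sender" not in flat:
            flagged.append((m.group("qid"), m.group("proto"), sessions[m.group("qid")][1]))
    return flagged
```

Feed it the mail log and the Received headers as the filter saw them; any tuple returned is a submission that authenticated according to Postfix but whose header gives no sign of it.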
