Here is a piece of mail that gets classified as spam, although it should not. I have replaced a few email addresses by fake ones, they dont contribute to the problem.
So what happens: a mail is sent via an authenticated session, to a qmail / qmail-scanner setup running at mydomain.de Here qmail adds its received header Received: from p5499d2c7.dip.t-dialin.net (HELO test) ([EMAIL PROTECTED]) identifying that the mail originates from a dynamic ip. Note that out of many smtp auth patches only this one seems to put the ESMTPA keyword in the header. Next, qmail-scanner adds its own header Received: from 84.153.210.199 ([EMAIL PROTECTED]) by mail3 (envelope-from <[EMAIL PROTECTED]>, uid 0) with qmail-scanner-2.01 saying essentially the same things again (dynamic ip, known user name) just with the dynamic dns name of the sender replaced by its ip address. The mail is sent to its destination, another qmail machine running SA Here, SA assigns score to DUL lists, and to a numeric ip in helo (which was only added by qmail-scanner, The HOST_EQ_D_D_D_D and HOST_EQ_D_D_D_DB entries also seem to be triggered by the qmail-scanner header Wolfgang Hamann >> X-Spam-Level: ******** >> X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on mailserver >> X-Spam-Flag: YES >> X-Spam-Status: Yes, score=8.2 required=5.2 tests=DK_SIGNED,HELO_EQ_IP_ADDR, >> HOST_EQ_D_D_D_D,HOST_EQ_D_D_D_DB,NO_REAL_NAME,RCVD_IN_NJABL_DUL, >> RCVD_IN_SORBS_DUL,RCVD_NUMERIC_HELO autolearn=no version=3.1.1 >> X-Spam-Report: >> * 0.7 HOST_EQ_D_D_D_D HOST_EQ_D_D_D_D >> * 1.1 HELO_EQ_IP_ADDR HELO using IP Address (not private) >> * 0.6 NO_REAL_NAME From: does not include a real name >> * 0.9 HOST_EQ_D_D_D_DB HOST_EQ_D_D_D_DB >> * 0.0 DK_SIGNED Domain Keys: message has an unverified signature >> * 1.3 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO >> * 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP >> address >> * [84.153.210.199 listed in dnsbl.sorbs.net] >> * 1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP >> * [84.153.210.199 listed in combined.njabl.org] >> Received: (qmail 13293 invoked by uid 0); 30 Apr 2006 10:13:00 -0000 >> Received: from [EMAIL PROTECTED] by mail1 by uid 81 with >> qmail-scanner-1.20rc2 >> (clamdscan: 0.88. hbedv: AntiVir / Linux Version 2.1.6-23 spamassassin: >> 3.1.1. Clear:RC:0:. >> Processed in 3.195621 secs); 30 Apr 2006 10:13:00 -0000 >> Received: from shared3.provider.de (HELO shared3.provider.de) ([EMAIL >> PROTECTED]) >> by mail1.provider.de with AES256-SHA encrypted SMTP; 30 Apr 2006 10:12:56 >> -0000 >> Received: (qmail 30465 invoked by uid 0); 30 Apr 2006 10:12:55 -0000 >> Received: from 84.153.210.199 ([EMAIL PROTECTED]) by shared3 (envelope-from >> <[EMAIL PROTECTED]>, uid 0) with qmail-scanner-2.01 >> (clamdscan: 0.88.1/1426. hbedv: 6.34.1.27/6.34.1.12. spammassassin: 3.1.1 >> Clear:RC:0(84.153.210.199):. >> Processed in 1.306009 secs); 30 Apr 2006 10:12:55 -0000 >> X-Qmail-Scanner-Mail-From: [EMAIL PROTECTED] via shared3 >> X-Qmail-Scanner: 2.01 (Clear:RC:0(84.153.210.199):. Processed in 1.306009 >> secs) >> Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys >> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; >> s=default; d=mydomain.de; >> >> b=ur58T/KNSEqQPRhnEoNUvKyvKlEhz9l5nbRkZCcpUuuKn+CDCuuSMRpRRPVeBInvhGF5Z/j8dRxEfZL74d3A/A36I4dxQuqQZHNPJ8aLTzIqQRnv76ynl4CB+zDzo/VGsYiLD3R07lOe+BTwtknoSdTQ3ENbHp37KnDE37mZHXo= >> ; >> Received: from p5499d2c7.dip.t-dialin.net (HELO test) ([EMAIL PROTECTED]) >> by www.mydomain.de with ESMTPA; 30 Apr 2006 10:11:39 -0000 >> From: [EMAIL PROTECTED] >> To: .... ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Qmail-scanner-general mailing list Qmail-scanner-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
