Re: Webmail and IP rules

2005-03-27 Thread Daryl C. W. O'Shea
List Mail User wrote: ... Date: Sun, 27 Mar 2005 00:51:25 -0500 From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]> ... To: List Mail User <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], users@spamassassin.apache.org Subject: Re: Webmail and IP rules .

Re: Webmail and IP rules

2005-03-27 Thread List Mail User
>... >Date: Sun, 27 Mar 2005 00:51:25 -0500 >From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]> >... >To: List Mail User <[EMAIL PROTECTED]> >Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], >users@spamassassin.apache.org >Subject: Re: Webmail and IP

Re: Webmail and IP rules

2005-03-27 Thread Daryl C. W. O'Shea
List Mail User wrote: Dave, You have a few valid points, and the rule may be misnamed with HELO at its prefix; But look at some email coming from the free services like Yahoo!, Hotmail or Gmail and you will see HTTP (as well as other protocols; Hotmail/MSN also uses both of the MS

Re: Webmail and IP rules

2005-03-27 Thread Daryl C. W. O'Shea
Shane Williams wrote: I noticed the HELO_DYNAMIC_* thread and the conclusion that IMP adding a Received header may be a source of problems. I pieced together the same conclusion just this morning based on several false positives that went through our campus' IMP-based webmail. In addition to the

Re: Webmail and IP rules

2005-03-06 Thread Justin Mason
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tony Finch writes: > On Wed, 2 Mar 2005, Justin Mason wrote: > > Shane Williams writes: > > > I noticed the HELO_DYNAMIC_* thread and the conclusion that IMP adding > > > a Received header may be a source of problems. > > > > I think the problem is be

Re: Webmail and IP rules

2005-03-06 Thread Justin Mason
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Shane Williams writes: > Let me make it clear that I'm not convinced yet where the "problem" > really lies. IMP's Received header seems deceptively "real", but for > all I know this meets (or at least doesn't contradict) some RFC. On > the other han

Re: Webmail and IP rules

2005-03-03 Thread List Mail User
CTED]> To: [EMAIL PROTECTED] Subject: Re: Webmail and IP rules Let me make it clear that I'm not convinced yet where the "problem" ... -- Public key #7BBC68D9 at| Shane Williams http://pgp.mit.edu/

Re: Webmail and IP rules

2005-03-03 Thread List Mail User
3GvLGD004371 > (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) > for ; Thu, 3 Mar 2005 10:57:22 -0600 >Received: from shanew.net (localhost.localdomain [127.0.0.1]) > by shanew.net (8.12.11/8.12.11) with ESMTP id j23GvEUt027149 > for ; Thu, 3 Mar

Re: Webmail and IP rules

2005-03-03 Thread David B Funk
Sigh, Paul, Do me a favor, go look at the SA code and see what "HELO_DYNAMIC_ATTBI" is all about. Note that it is looking at the 'X-Spam-Relays-Untrusted' meta-data thus SA already knows that client is untrusted, so it is NOT a trusted_networks issue at all. So hacking the trust settings will do N

Re: Webmail and IP rules

2005-03-03 Thread Shane Williams
Let me make it clear that I'm not convinced yet where the "problem" really lies. IMP's Received header seems deceptively "real", but for all I know this meets (or at least doesn't contradict) some RFC. On the other hand even if the problem should be fixed by the IMP devs, it may be easier to "fix

Re: Webmail and IP rules

2005-03-03 Thread List Mail User
Dave, You have a few valid points, and the rule may be misnamed with HELO at its prefix; But look at some email coming from the free services like Yahoo!, Hotmail or Gmail and you will see HTTP (as well as other protocols; Hotmail/MSN also uses both of the MS proprietary protocols

Re: Webmail and IP rules

2005-03-03 Thread Tony Finch
On Wed, 2 Mar 2005, Justin Mason wrote: > Shane Williams writes: > > I noticed the HELO_DYNAMIC_* thread and the conclusion that IMP adding > > a Received header may be a source of problems. > > I think the problem is being caused by IMP being "too good" at > generating a Received header that looks

Re: Webmail and IP rules

2005-03-03 Thread David B Funk
On Wed, 2 Mar 2005, List Mail User wrote: > >... > >I think the problem is being caused by IMP being "too good" at > >generating a Received header that looks like a normal one added > >by an MTA. Good enough to fool SpamAssassin into thinking it's > >an SMTP one, anyway. ;) > > > >Could someone o

Re: Webmail and IP rules

2005-03-02 Thread List Mail User
>>From [EMAIL PROTECTED] Wed Mar 2 15:01:17 2005 >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >... >Delivered-To: mailing list users@spamassassin.apache.org >... > >I think the problem is being caused by IMP being "too good" at >generating a Received header that looks like a normal one a

Re: Webmail and IP rules

2005-03-02 Thread Justin Mason
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I think the problem is being caused by IMP being "too good" at generating a Received header that looks like a normal one added by an MTA. Good enough to fool SpamAssassin into thinking it's an SMTP one, anyway. ;) Could someone open a bug about this

Webmail and IP rules

2005-03-02 Thread Shane Williams
I noticed the HELO_DYNAMIC_* thread and the conclusion that IMP adding a Received header may be a source of problems. I pieced together the same conclusion just this morning based on several false positives that went through our campus' IMP-based webmail. In addition to the several variations of