David B Funk writes:
>On Thu, 17 Jul 2003, Tony Earnshaw wrote:
>
>> David B Funk wrote:
>>
>> > For example, in the attached message the source was an AOL
>> > dialup "AC826956.ipt.aol.com [172.130.105.86]" which hit
>> > 6 RBLs ;() (with 'dnsbl.njabl.org' being added TWICE).
>>
>> You don't seem to be studying what is reported in the 2 NJABL evals with
>> enough attention. They are both about different things.
>> RCVD_IN_NJABL_DIALUP is complaining that 172.130.105.86 did not send
>> smtp mail via its ISP, AOL, which many mail servers insist on for most
>> dynamically allocated dialup IP numbers - since their source can not be
>> verified - and many spammers use them for that reason.
>
>OK, I'm sorry I wasn't clear enough about the environment. The AOL client
>was using a web browser (HTTP not SMTP) to send the message, via a
>webmail (HTTP-2-IMAP/SMTP) gateway (running 'IMP'). I understand about
>requiring dial-up clients using their ISP for SMTP transactions, but this
>was HTTP.
>
>AOL-client (HTTP) => webmail gateway.
>webmail gateway (SMTP) => campus SMTP server...
>
>Thus that first hop should NOT have been tagged as violating the DIALUP
>restrictions.

Well, the first hop should always be ignored for dialup DNSBL lookups,
since in most cases it *can* be a dialup. Is that all the Received headers,
or are there more?

You should probably open this as a bug on http://bugzilla.SpamAssassin.org/
and attach the message there, it gets more attention that way.

--j.

>If you look closely at the headers, you'll see that the first
>'Received:' header is tagged as using HTTP (not SMTP) protocol.
>
> Received: from localhost (webmail2-maint.its.uiowa.edu [128.255.56.154])
>         by day.its.uiowa.edu (8.12.9/8.12.9/ns-mx-1.14) with ESMTP id
>         h6H21naK015350;
>         Wed, 16 Jul 2003 21:01:49 -0500
> Received: from AC826956.ipt.aol.com (AC826956.ipt.aol.com [172.130.105.86])
>         by webmail2.its.uiowa.edu (IMP) with HTTP
>         for <[EMAIL PROTECTED]>; Wed, 16 Jul 2003 21:01:49 -0500
>
>I realize that this is a rather unusual kind of header to find in a
>mail transaction, but it is a correct usage of the protocol.
>
>I would like to be able to use the DIALUP RBLs for catching SMTP
>violators, but that IMP webmail gateway is a very popular thing
>on our campus and heavily used.
>
>--
>Dave Funk                                  University of Iowa
><dbfunk (at) engineering.uiowa.edu>        College of Engineering
>319/335-5751   FAX: 319/384-0549           1256 Seamans Center
>Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
>#include <std_disclaimer.h>
>Better is not better, 'standard' is better. B{

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
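
An added illustration, not part of the thread and not SpamAssassin's own code: a small Python sketch of the two rules discussed above (skip the first hop, and skip hops received over HTTP) when choosing which relay IPs to check against a dialup DNSBL. The function names and the regex are assumptions made for this example; the sample headers are the ones quoted in the message, with a constructed Subject and body.

```python
import re
from email import message_from_string

# Matches "from HELO (rdns [ip]) by HOST ... with PROTO" in an unfolded header value.
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\((?:\S+)?\s*\[(?P<ip>[0-9.]+)\]\)"
    r".*?\bby\s+(?P<by>\S+).*?\bwith\s+(?P<proto>\S+)",
    re.IGNORECASE | re.DOTALL,
)

def parse_hops(raw_message):
    """Return the relay hops oldest-first as dicts with ip, by and proto."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # undo header folding
        if m:
            proto = m["proto"].upper().rstrip(";")
            hops.append({"ip": m["ip"], "by": m["by"], "proto": proto})
    hops.reverse()  # each relay prepends its header, so the last one is the first hop
    return hops

def dialup_lookup_candidates(raw_message):
    """IPs to check against a dialup list under the two rules from the thread."""
    return [
        hop["ip"]
        for index, hop in enumerate(parse_hops(raw_message))
        if index > 0                  # first hop may legitimately be a dialup client
        and "SMTP" in hop["proto"]    # a webmail (HTTP) submission is not an SMTP relay
    ]

# Received headers as quoted in the message; Subject and body are constructed.
SAMPLE = """\
Received: from localhost (webmail2-maint.its.uiowa.edu [128.255.56.154])
\tby day.its.uiowa.edu (8.12.9/8.12.9/ns-mx-1.14) with ESMTP id
\th6H21naK015350;
\tWed, 16 Jul 2003 21:01:49 -0500
Received: from AC826956.ipt.aol.com (AC826956.ipt.aol.com [172.130.105.86])
\tby webmail2.its.uiowa.edu (IMP) with HTTP
\tfor <[EMAIL PROTECTED]>; Wed, 16 Jul 2003 21:01:49 -0500
Subject: constructed sample

constructed body
"""

if __name__ == "__main__":
    print(dialup_lookup_candidates(SAMPLE))
```

The `with` protocol tag is only meaningful on Received headers written by hosts you operate; anything below that boundary is supplied by the sender and should not be used to exempt a hop.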