Ryan,

My daughter's machine is NOT sending mail directly to me; she uses the mail services provided by an ASP as opposed to an ISP. The Received from headers do include an IP address that is in the RCVD_IN_DYNABLOCK list. However, the SMTP server is not in a RCVD_IN_DYNABLOCK list. Therefore it shouldn't be tagged as such.

It gets worse....<g> While viewing various headers I saw another one that shouldn't be tagged. The mail came through the sympatico servers, which is that sender's ISP (they use smtp1.sympatico.ca). It too is tagged as RCVD_IN_DYNABLOCK based on the mail client IP address.

So far, the way I see it, the method used to determine if mail originates from a "non legal" source (my term) appears to be flawed. I used Vivek's Method to determine what line was triggering the RCVD_IN_DYNABLOCK; it is the first line (bottom). Surely that should be ignored.

If I send email from my daughter's machine to an AOL recipient, it's accepted by AOL servers; they ignore the IP address of the mail client. On the other hand, if I set Anita's mail client to use my email server it is rejected, which is as it should be.

What's the difference here? AOL seems to have it right: email from Anita's mail client using Aloak's SMTP servers is a perfectly acceptable method of using email. When we set her SMTP server to my email server it is definitely from a RCVD_IN_DYNABLOCK and is subsequently rejected, which in my opinion is also an acceptable method of determining a higher potential for it being spam. SpamAssassin doesn't seem to be making that distinction.

Someone else suggested that my daughter use the ISP's SMTP server. Sure, that would probably solve this issue, as would zeroing RCVD_IN_DYNABLOCK, but what of all the people who use an ASP's mail service as opposed to their ISP's?

Terry...


Ryan Moore wrote:
I guess I'm either confused or a little too tired, but I'm not seeing a problem with what is happening. The IP 65.48.80.27 is listed in the dynablock list, so when the receiving system parses through the headers it checks that IP in the various RBLs and gets a match on that one.


In any case, as Gerry mentioned, your daughter will want to use her ISP's SMTP server instead of sending directly into your system, as it sounds like that is what is happening. Or you can use the trusted_networks option.

Ryan Moore
----------
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Terry Milnes wrote:

Ryan,

Ok, here are the two headers again. Both messages originated from the same computer; the SMTP server in Outlook Express is set up to use aloak.ca (which is not in a dialup block).

The only difference besides content is the recipient address; the only difference in content was they also contained recipient addresses... I ran this a dozen times to make sure it wasn't an isolated case, and was including the recipient address in the content for faster reference.

Terry...

--------HEADER FROM RCVD_IN_DYNABLOCK MESSAGE---------

 From - Wed Sep 24 14:06:52 2003
X-UIDL: 1064426808.23355_0.london.interface.on.ca
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 23349 invoked from network); 24 Sep 2003 18:06:46 -0000
Received: from igloo.aloak.ca (216.220.38.195)
  by london.interface.on.ca with SMTP; 24 Sep 2003 18:06:46 -0000
Received: (qmail 26040 invoked by uid 10000); 24 Sep 2003 18:06:37 -0000
Received: from unknown (HELO neetas) (65.48.80.27)
  by igloo.aloak.ca with SMTP; 24 Sep 2003 18:06:37 -0000
Message-ID: <[EMAIL PROTECTED]>
From: "Anita Milnes" <[EMAIL PROTECTED]>
To: "Dad" <[EMAIL PROTECTED]>
Subject: test 13
Date: Wed, 24 Sep 2003 14:08:04 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0062_01C382A5.45E02CC0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Spam-Checker-Version: SpamAssassin 2.60-rc6-interface_1.3
    (1.208-2003-09-19-exp) on london.interface.on.ca
X-Spam-Status: No, hits=2.7 required=4.0 tests=HTML_70_80,HTML_MESSAGE,
    RCVD_IN_DYNABLOCK autolearn=no version=2.60-rc6-interface_1.3
X-Spam-Level: **

----------------------------------------------------------------------

-------- HEADER FROM MESSAGE THAT APPEARS CORRECT ---------

 From - Wed Sep 24 14:24:40 2003
X-UIDL: 1064427870.23568_0.london.interface.on.ca
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 23562 invoked from network); 24 Sep 2003 18:24:28 -0000
Received: from qanuk.aloak.ca (216.220.38.194)
  by london.interface.on.ca with SMTP; 24 Sep 2003 18:24:28 -0000
Received: from igloo.aloak.ca (igloo [216.220.38.195])
    by qanuk.aloak.ca (8.12.9/8.12.2) with SMTP id h8OIOJRj009321
    for <[EMAIL PROTECTED]>; Wed, 24 Sep 2003 14:24:19 -0400
Received: (qmail 32404 invoked by uid 10000); 24 Sep 2003 18:24:18 -0000
Received: from unknown (HELO neetas) (65.48.80.27)
  by igloo.aloak.ca with SMTP; 24 Sep 2003 18:24:18 -0000
Message-ID: <[EMAIL PROTECTED]>
From: "Anita Milnes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: test 14
Date: Wed, 24 Sep 2003 14:25:44 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_006B_01C382A7.BD61FA10"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Spam-Checker-Version: SpamAssassin 2.60-rc6-interface_1.3
    (1.208-2003-09-19-exp) on london.interface.on.ca
X-Spam-Status: No, hits=0.1 required=4.0 tests=HTML_70_80,HTML_MESSAGE
    autolearn=no version=2.60-rc6-interface_1.3
X-Spam-Level:



Ryan Moore wrote:

If there are received-from headers from the recipient's mail system, then they may get checked in the RBLs depending on how deep they are. The recipient can use the 'trusted_networks' option that was added in 2.60 to get around that problem. I don't have the start of the thread on the machine I'm writing this from, so hopefully I understood what was going on ;]


Ryan Moore
----------
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Terry Milnes wrote:

But you are missing the point, mail is being identified as RCVD_IN_DYNABLOCK when it is the recipient who is in the dial up block, not the sender.

The sender is on the rogers network using aloak smtp/pop3 servers, sending a message to a domain that is in the dial up block.

The message should NOT be tagged as RCVD_IN_DYNABLOCK because the "received from" is from aloak.

I thought I might have a problem explaining this, take a look at the headers I supplied, a real close look and you should be able to see what I mean.

As for the Rogers Network, there is a problem there as well, they sell commercial accounts that did not have these restrictions you mention, yet over the last few weeks these commercial accounts are being treated the same as the residential. I am calling them tomorrow about this issue, it costs three times as much for the commercial services, hopefully their policies haven't changed.....

Thanks for the response btw.

Terry
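
Added example, not part of the original thread and not SpamAssassin's code: a simplified Python model of the two policies argued over above (test every relay in the Received chain versus only the relay that connected to the receiving server), run on the Received lines of the two quoted messages. The zone `dnsbl.example` and the `LISTED` set are stand-ins for the dynablock list, and no DNS lookup is made.

```python
import re
from email import message_from_string

# Received chains copied from the two messages quoted in the thread (other headers dropped).
TAGGED = """\
Received: (qmail 23349 invoked from network); 24 Sep 2003 18:06:46 -0000
Received: from igloo.aloak.ca (216.220.38.195)
  by london.interface.on.ca with SMTP; 24 Sep 2003 18:06:46 -0000
Received: (qmail 26040 invoked by uid 10000); 24 Sep 2003 18:06:37 -0000
Received: from unknown (HELO neetas) (65.48.80.27)
  by igloo.aloak.ca with SMTP; 24 Sep 2003 18:06:37 -0000

"""
UNTAGGED = """\
Received: (qmail 23562 invoked from network); 24 Sep 2003 18:24:28 -0000
Received: from qanuk.aloak.ca (216.220.38.194)
  by london.interface.on.ca with SMTP; 24 Sep 2003 18:24:28 -0000
Received: from igloo.aloak.ca (igloo [216.220.38.195])
    by qanuk.aloak.ca (8.12.9/8.12.2) with SMTP id h8OIOJRj009321
    for <[EMAIL PROTECTED]>; Wed, 24 Sep 2003 14:24:19 -0400
Received: (qmail 32404 invoked by uid 10000); 24 Sep 2003 18:24:18 -0000
Received: from unknown (HELO neetas) (65.48.80.27)
  by igloo.aloak.ca with SMTP; 24 Sep 2003 18:24:18 -0000

"""
LISTED = {"65.48.80.27"}  # the one address the thread says is on the dynablock list
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def relay_ips(raw):
    """Client IP of each network hop, newest (top) first; local qmail lines are skipped."""
    ips = []
    for value in message_from_string(raw).get_all("Received", []):
        if value.startswith("from "):
            # Only look at the "from ..." part, before the receiving host's "by ..." clause.
            match = IPV4.search(re.split(r"\sby\s", value, maxsplit=1)[0])
            if match:
                ips.append(match.group())
    return ips

def dnsbl_name(ip, zone="dnsbl.example"):  # placeholder zone, not the real list
    """A DNSBL lookup reverses the octets and appends the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def hits(raw, policy):
    """policy 'all': test every hop; 'connecting': only the relay that handed us the mail."""
    ips = relay_ips(raw)
    checked = ips if policy == "all" else ips[:1]
    return [ip for ip in checked if ip in LISTED]

if __name__ == "__main__":
    for name, raw in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        print(name, relay_ips(raw), hits(raw, "all"), hits(raw, "connecting"))
```

Under the "all" policy both chains contain the listed client address, so this model on its own does not account for only one of the two messages being tagged.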






