Jon Fraley writes:
> On Mon, 2003-10-13 at 09:58, Keith C. Ivey wrote:
> > Jon Fraley <[EMAIL PROTECTED]> wrote:
> >
> > > It seems that we do business with a lot of people with aol.com
> > > email addresses. Practically all of these are getting flagged
> > > as SPAM with:
> > >
> > > 4.1 NO_RDNS_DOTCOM_HELO    Host HELO'd as a big ISP, but had no rDNS
> > > 2.4 FAKE_HELO_AOL          Host HELO did not match rDNS: aol.com
> >
> > Can you post the headers from some of those messages? Is your
> > mail server not putting the rDNS into the headers?
> >
> > I'd lower the scores for those tests in local.cf for the time
> > being.

Agreed. Could you open a bugzilla bug at
http://bugzilla.SpamAssassin.org/ ; it's a bug.

It looks like your mail server software ("smtpd") is using a slightly
unusual format for the Received lines here:

  from imo-m01.mx.aol.com ([64.12.136.4]) by eagle.glenraven.com

In sendmail/postfix style, that means that the host HELO'd as
imo-m01.mx.aol.com, with no reverse DNS. Our Received-header parser
reads it as such, and of course, AOL's relays all *do* have rDNS set up,
so this is indicative of a forgery.

In this case I think we need to special-case the Received-header parser
to know that Received lines generated by that MTA do not contain rDNS
data.

BTW what MTA is it? smtpd sounds like Postfix, but as far as I know pf
always does rDNS checks.

--j.

> Return-path: <[EMAIL PROTECTED]>
> Received: from crusher.glenraven.com (crusher.glenraven.com [198.85.87.19])
>  by nsuite.glenraven.com
>  (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
>  with ESMTP id <[EMAIL PROTECTED]> for [EMAIL PROTECTED];
>  Wed, 08 Oct 2003 16:25:39 -0400 (EDT)
> Received: from max.glenraven.com (max.glenraven.com [198.85.87.98])
>  by crusher.glenraven.com (8.12.8/8.12.8) with SMTP id h98KPcsR009436 for
>  <[EMAIL PROTECTED]>; Wed, 08 Oct 2003 16:25:38 -0400
> Received: FROM eagle.glenraven.com BY max.glenraven.com ; Wed Oct 08 16:28:42
>  2003 -0700
> Received: from imo-m01.mx.aol.com ([64.12.136.4]) by eagle.glenraven.com via
>  smtpd (for [198.85.87.98]) with SMTP; Wed, 08 Oct 2003 16:25:37 -0400
> Received: from [EMAIL PROTECTED] by imo-m01.mx.aol.com
>  (mail_out_v36_r1.1.) id t.1e3.1135ea47 (3940); Wed,
>  08 Oct 2003 16:25:33 -0400 (EDT)
> Date: Wed, 08 Oct 2003 16:25:32 -0400 (EDT)
> From: [EMAIL PROTECTED]
> Subject: *****SPAM***** Meeting in Birmingham, England
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
> Message-id: <[EMAIL PROTECTED]>
> MIME-version: 1.0
> X-Mailer: 7.0 for Windows sub 10708
> Content-type: multipart/mixed;
>  boundary="----------=_3F8472C2.21FFC84C"
> Content-transfer-encoding: 7bit
> X-Spam-Flag: YES
> X-Spam-Status: Yes, hits=7.8 required=6.0 tests=AWL,BAYES_50,FAKE_HELO_AOL,
>  NO_RDNS_DOTCOM_HELO,NO_REAL_NAME autolearn=no version=2.60
> X-Spam-Level: *******
> X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
>  crusher.glenraven.com
> Original-recipient: rfc822;[EMAIL PROTECTED]
>
> This is a multi-part message in MIME format.

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
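
The parsing ambiguity discussed in this thread, as an added example that is not part of the original messages and is not SpamAssassin's own parser. It reads two Received lines from the quoted headers in sendmail/postfix style and shows how a special case turns "no rDNS" into "rDNS not recorded"; the function names, the `via smtpd (for [` fingerprint and the simplified rule are assumptions made for illustration.

```python
import re

# Sendmail/Postfix style: "from HELO (RDNS [IP]) by HOST"; RDNS is omitted
# when the reverse lookup returned nothing.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)
# Assumption: this fingerprint is taken from the one sample line in the thread
# ("via smtpd (for [..])"); the MTA that writes it is not identified there.
NO_RDNS_MTA_RE = re.compile(r"\bvia\s+smtpd\s+\(for\s+\[", re.IGNORECASE)

def parse_received(line, special_case=True):
    """Return helo/rdns/ip/by plus rdns_state: present, absent or unknown."""
    flat = " ".join(line.split())  # unfold continuation lines
    m = RECEIVED_RE.search(flat)
    if not m:
        return None
    hop = m.groupdict()
    if hop["rdns"]:
        hop["rdns_state"] = "present"
    elif special_case and NO_RDNS_MTA_RE.search(flat):
        hop["rdns_state"] = "unknown"   # this MTA format carries no rDNS field
    else:
        hop["rdns_state"] = "absent"    # read as: lookup done, nothing found
    return hop

def helo_without_rdns(hop, isp_domains=("aol.com",)):
    """Simplified stand-in for a 'HELO'd as a big ISP, but had no rDNS' test."""
    helo = hop["helo"].lower()
    claims_isp = any(helo == d or helo.endswith("." + d) for d in isp_domains)
    return claims_isp and hop["rdns_state"] == "absent"

# Both sample lines are copied from the headers quoted in the thread.
AOL_HOP = ("from imo-m01.mx.aol.com ([64.12.136.4]) by eagle.glenraven.com via\n"
           " smtpd (for [198.85.87.98]) with SMTP; Wed, 08 Oct 2003 16:25:37 -0400")
INTERNAL_HOP = ("from max.glenraven.com (max.glenraven.com [198.85.87.98])\n"
                " by crusher.glenraven.com (8.12.8/8.12.8) with SMTP id h98KPcsR009436")

if __name__ == "__main__":
    for label, sc in (("sendmail-style reading", False), ("with special case", True)):
        hop = parse_received(AOL_HOP, special_case=sc)
        print(label, hop["rdns_state"], helo_without_rdns(hop))
```

Apply the special case only to a hop written by a relay you operate, since Received lines added before that point are under the sender's control.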