Well, yes, in that case it's a false-negative. :) The IP address IS in Dynablock's listing, but SpamAssassin doesn't even appear to be checking according to the debug output. In my original posting I included both a case where I'm seeing false-positives (with Earthlink) and false-negatives (coming from katie.darklegacies.com). It only seems to occur when the email is being processed through spamass-milter and spamd; processing it manually using spamassassin works properly. It would seem to imply that either spamass-milter is mangling the headers or that SpamAssassin is having trouble parsing them.
For instance, 'spamassassin -D -t' has the following output: debug: received-header: parsed as [ ip=68.46.27.0 rdns=pcp044858pcs.trnrsv01.nj.comcast.net helo=katie.darklegacies.com by=mail-gateway.metrologic.com ident= ] debug: received-header: relay 68.46.27.0 trusted? No While running spamd with debugging enabled does not show the header as being parsed and therefore I don't believe it checks the IP against Dynablock. As for why it's not parsing properly I'm not sure. I've tried both the new and old versions of spamass-milter and niether one results in success. Brian -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, November 03, 2003 7:21 PM To: Brian Sneddon Cc: 'Matt Kettler'; [EMAIL PROTECTED] Subject: Re: [SAtalk] RCVD_IN_DYNABLOCK FP? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brian Sneddon writes: >The only trusted network should be that of mail-gateway.metrologic.com >which is my MTA. Katie.darklegacies.com is a host on a dynamic IP >which is not a trusted host. Therefore I would expect mail submitted >to my MTA from katie.darklegacies.com to match DYNABLOCK, yet it does not. OK -- that's a different issue then -- hte Dynablock list doesn't contain that IP address for some reason. That's not an FP, it's an FN ;) - --j. >-----Original Message----- >From: Matt Kettler [mailto:[EMAIL PROTECTED] >Sent: Monday, November 03, 2003 1:18 PM >To: Brian Sneddon; [EMAIL PROTECTED] >Subject: RE: [SAtalk] RCVD_IN_DYNABLOCK FP? > >At 11:35 AM 11/3/2003, Brian Sneddon wrote: >>I'm running SpamAssassin 2.60 on a public IP (not NATed) and none of >>the -notfirsthop rules (including RCVD_IN_DYNABLOCK) have worked >>correctly for me, either. For reference I'm also running Sendmail and >>Spamass-milter 0.2.0. Here are the headers from an email that >>*should* have matched the >>rule: >> >>Received: from katie.darklegacies.com >>(pcp044858pcs.trnrsv01.nj.comcast.net >>[68.46.27.0]) >> by mail-gateway.metrologic.com (8.12.8/8.12.8) with ESMTP id >>hA3GIq7M006336 > >In your case, auto-inference of trusted_networks won't work either. The "by" >host in the first Received header is not in the same /16 as the first "From" >host. > >This is documented in the Mail::SpamAssassin::Conf helpfile under >trusted_networks. > >Since you are using a MTA outside of your local address range, and your >MTA itself is within the DYNABLOCK blacklist, you'll have to manualy >set trusted_networks to avoid falses. > > >------------------------------------------------------- >This SF.net email is sponsored by: SF.net Giveback Program. >Does SourceForge.net help you be more productive? Does it >help you create better code? SHARE THE LOVE, and help us help >YOU! Click Here: http://sourceforge.net/donate/ >_______________________________________________ >Spamassassin-talk mailing list >[EMAIL PROTECTED] >https://lists.sourceforge.net/lists/listinfo/spamassassin-talk > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Exmh CVS iD8DBQE/pvDOQTcbUG5Y7woRAuX9AJ9hc8eraZUbYEZTIlDZyFzWjxlauQCgw0io B+KIsWf74Ev2iXDHGeBgUNg= =Kod/ -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
