Sure - courier-0.44.2. The message is being parsed in the system's maildroprc file - which is a global config file affecting all users.

maildroprc:

    import UI_Maildir
    import UI_Email
    DEFAULT=$UI_Maildir
    #cc "| /usr/bin/env >>/tmp/env"
    if ( $SIZE < 512000 )
    {
        xfilter "/usr/bin/spamc -U /var/run/spamassassin.sock -u $UI_Email"
    }
    if ( /^X-Spam-Status: Yes,/ )
    {
        DEFAULT="$DEFAULT/.Spam/"
    }

My local.cf contains:

    user_scores_dsn DBI:mysql:mom:localhost
    user_scores_sql_username xxxxx
    user_scores_sql_password xxxxx
    user_scores_sql_table xxxxx

    # XBL is the Exploits Block List: http://www.spamhaus.org/xbl/
    header RCVD_IN_XBL eval:check_rbl_txt('xbl', 'xbl.spamhaus.org.')
    describe RCVD_IN_XBL Received via a relay in Exploits Block List
    tflags RCVD_IN_XBL net
    score RCVD_IN_XBL 1

And again for reference - the offending headers:

> Received: from bigass1.XXX.com ([66.199.X.X])
>   by slim1.XXX.com with esmtp; Tue, 06 Jan 2004 07:56:43 +0000
> Received: from a1200 ([24.83.X.X])
>   (AUTH: LOGIN [EMAIL PROTECTED])
>   by bigass1.XXX.com with esmtp; Tue, 06 Jan 2004 07:56:42 +0000

Note - if I - the remote user sent email to another user on the same system, only this header might exist:

> Received: from a1200 ([24.83.X.X])
>   (AUTH: LOGIN [EMAIL PROTECTED])
>   by slim1.XXX.com with esmtp; Tue, 06 Jan 2004 07:56:42 +0000

But note the AUTH section - the way I would expect these RBLs to work is if the relaying server is good, ignore it, or if the first header is AUTH'd, ignore the RBL - otherwise remote access to a mail server (even though authenticated and so on) is impossible - we should be able to trust this top received header - it comes from our own server - right?

Don't other MTAs offer authenticated SMTP? Trusted networks works for restricted open relays, but there should be a mechanism for dealing with those of us with numerous remote / roaming users eh?

Can help / test as needed - thanks.

m/

-----Original Message-----
From: Brian Sneddon [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 06, 2004 4:55 AM
To: 'Mitch (WebCob)'; [EMAIL PROTECTED]
Subject: RE: [SAtalk] RCVD_IN_DYNABLOCK,RCVD_IN_SORBS in 2.61 when sending myself a test message?

Hi, Mitch.

Could you please provide more information regarding the mail server which is running SpamAssassin? Information such as which MTA it's using, how you're calling SpamAssassin (procmail, milter, etc.), and whether the machine is on a private NATed address will be helpful in troubleshooting your problem.

Thanks.

Brian

> -----Original Message-----
> From: Mitch (WebCob) [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 06, 2004 3:10 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] RCVD_IN_DYNABLOCK,RCVD_IN_SORBS in 2.61 when sending myself a test message?
>
> Can someone explain the logic here... SA for dummies ;-)
>
> I send myself a message... now of course my home computer (by ADSL) is in
> SORBS - makes sense... BUT, I am sending TO my authenticating ESMTP server
> which is NOT in sorbs - which receives, and relays my message - but I still
> trigger these rules?
>
> ---- ---------------------- --------------------------------------------------
>  0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
>                             [24.83.x.x listed in dnsbl.sorbs.net]
>  2.5 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
>                             [24.83.x.x listed in dnsbl.sorbs.net]
>
> Now HOW is one supposed to send mail? If I sent directly from some sort of
> SMTP daemon at my home I would expect this, but does it make sense when I am
> relaying through my server?
>
> The headers show the correct progress:
>
> Received: from bigass1.XXX.com ([66.199.X.X])
>   by slim1.XXX.com with esmtp; Tue, 06 Jan 2004 07:56:43 +0000
> Received: from a1200 ([24.83.X.X])
>   (AUTH: LOGIN [EMAIL PROTECTED])
>   by bigass1.XXX.com with esmtp; Tue, 06 Jan 2004 07:56:42 +0000
>
> This doesn't seem to make any sense? ANY email sent by ANY user relayed
> through ANY server which properly records a received header would seem to
> match this test - shouldn't it only check the top received header?
>
> m/

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
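
The policy asked for in this thread (exempt a dynamic-IP client from DNSBL checks only when a server you operate recorded the AUTH) can be sketched as a walk over the Received chain. This is an added example, not part of the thread and not SpamAssassin's own code; the hostnames, addresses, `OUR_RELAY_IPS` and the helper `classify` are constructed for illustration.

```python
import re

# Received values, newest first, in the Courier layout quoted in the thread.
# All hosts and addresses are constructed placeholders (documentation ranges).
OUR_RELAY_IPS = {"198.51.100.10"}  # assumed: addresses of relays we operate

RELAYED_AUTH = [
    "from relay1.example.com ([198.51.100.10]) by mx1.example.com with esmtp; "
    "Tue, 06 Jan 2004 07:56:43 +0000",
    "from a1200 ([203.0.113.77]) (AUTH: LOGIN user@example.com) "
    "by relay1.example.com with esmtp; Tue, 06 Jan 2004 07:56:42 +0000",
]
# Unauthenticated sender that pasted a fake AUTH hop below the real one.
FORGED_AUTH = [
    "from host.invalid ([192.0.2.5]) by mx1.example.com with esmtp; "
    "Tue, 06 Jan 2004 08:00:00 +0000",
    "from a1200 ([203.0.113.77]) (AUTH: LOGIN user@example.com) "
    "by relay1.example.com with esmtp; Tue, 06 Jan 2004 07:59:00 +0000",
]

HOP = re.compile(
    r"from\s+\S+\s+\(\[(?P<ip>[^\]]+)\]\)"
    r"(?:\s+\(AUTH:\s*(?P<auth>[^)]*)\))?"
    r"\s+by\s+(?P<by>\S+)"
)

def classify(received, our_relay_ips):
    """Return (boundary_ip, action); action is skip-dnsbl, check-dnsbl or unparsed.

    The top header is written by the scanning server itself. A lower header is
    believed only if the hop above it came from one of our own relay addresses.
    """
    for value in received:
        m = HOP.search(" ".join(value.split()))
        if m is None:
            return None, "unparsed"         # cannot read the hop: grant no exemption
        if m["ip"] in our_relay_ips:
            continue                        # handed over by our relay: keep walking
        # First peer that is not ours: the edge of what we can trust.
        action = "skip-dnsbl" if m["auth"] else "check-dnsbl"
        return m["ip"], action
    return None, "skip-dnsbl"               # message never left our own relays
```

The second sample shows why the walk stops at the first peer that is not one of our relays: an AUTH annotation below that point was not written by a server we run, so it earns no exemption.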