At 09:02 PM 1/19/04 +0100, Anders Sveen wrote:
I'm actually listed because it originates from a dynamic ip-range. Nothing more. It surprises me that they lists ip's for only beeing dynamic, but then I discovered the way RBLs are being used by mailservers and then it actually made sense. It doesn't make sense the way SA uses it. :)
Actualy the way SA uses it does make perfect sense, but you've overlooked one detail.
You believe that SA checks all IPs against ALL rbls.. That's not true.. It checks most RBLs against all IP addresses, but a few (ie: dynablock) are configured with "notfirsthop", causing them to skip the first IP in the list.
However, the root-rule, RCVD_IN_SORBS, must be run against them all, because some of the sub-tests are not based on dynamic listings. This is why RCVD_IN_SORBS has almost no score to it. RCVD_IN_DYNABLOCK (a sorbs-based-test) won't match when the mail is relayed properly.
(note: all of the above assumes that spamassassin is configured properly. MANY mail system admins have problems with SA and have failed to insert their own server's IP address into trusted_networks when they need to. Note that this is their server, not the dialup ISP's server.. SA must trust itself for notfirsthop to work. SA tries, but some network configs (ie: nat) cause SA to fail to trust even localhost)
i currently have trouble getting RBL checks to work on my mailserver too. whenever i activate those checks any mail that's sent from dialup ip's are marked with the DYNABLOCK rule. and i don't mean they we're sent from dialup-ip mailservers, no they we're properly relayed through either my own mailserver(s) or their ISP's legit servers.
i tested many things with the trusted users settings and googled around but i had no luck so far.
except that i stumbled on a posting from this lists archive that makes me think that something is broken and that it would be fixed in the upcoming 2.7 version of SA.
i can't say i fully understand the concept of the trusted_networks and when it is supposed to perform the RBL checks.
here's an excerpt SA output from one of my mails:
debug: received-header: relay (my mailservers ip) trusted? yes debug: received-header: relay (users dialup ip) trusted? no
all mailchecks had been performed on that mail so it was squashed by SA.
but from what i've learned the ip from the first received line shouldn't have been checked which would have resulted that the mail came from a trusted network.
is it ture that there is some problem with SA's code or do i just have broken config?
thanks for your help
ralf
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
