mipl:1:46 [/tmp] # spamassassin -D < SunTrust_spam |& egrep -i received\|records\|Relays
debug: received-header: parsed as [ ip=137.78.38.32 rdns=mipl.jpl.nasa.gov helo=mipl.jpl.nasa.gov by=miplnew.JPL.NASA.GOV ident= envfrom= intl=0 id=000269AE.41A2E06E.0000203E ]
debug: received-header: parsed as [ ip=137.78.160.64 rdns=eis-msg-mx01.jpl.nasa.gov helo=eis-msg-mx01.jpl.nasa.gov by=mipl.jpl.nasa.gov ident= envfrom= intl=0 id=XAA21874 ]
debug: looking up A records for 'miplnew.JPL.NASA.GOV'
debug: A records for 'miplnew.JPL.NASA.GOV': 137.78.38.109
debug: received-header: 'from' 137.78.38.32 is near to first 'by'
debug: received-header: relay 137.78.38.32 trusted? yes internal? no
debug: received-header: 'from' 137.78.160.64 is near to first 'by'
debug: received-header: relay 137.78.160.64 trusted? yes internal? no
debug: metadata: X-Spam-Relays-Trusted: [ ip=137.78.38.32 rdns=mipl.jpl.nasa.gov helo=mipl.jpl.nasa.gov by=miplnew.JPL.NASA.GOV ident= envfrom= intl=0 id=000269AE.41A2E06E.0000203E ] [ ip=137.78.160.64 rdns=eis-msg-mx01.jpl.nasa.gov helo=eis-msg-mx01.jpl.nasa.gov by=mipl.jpl.nasa.gov ident= envfrom= intl=0 id=XAA21874 ]
debug: metadata: X-Spam-Relays-Untrusted:
debug: SPF: message was delivered entirely via trusted relays, not required
debug: SPF: message was delivered entirely via trusted relays, not required
Received: from localhost by miplnewold.jpl.nasa.gov
Received: from mipl.jpl.nasa.gov (mipl.jpl.nasa.gov [::ffff:137.78.38.32])
Received: from eis-msg-mx01.jpl.nasa.gov (eis-msg-mx01.jpl.nasa.gov [137.78.160.64])
Received: from cpe-69-75-17-251.hawaii.rr.com by eis-msg-mx01.jpl.nasa.gov; Mon, 22 Nov 2004 22:07:57 -0800
This makes me suspicious of this ALL_TRUSTED rule - in other words, here's a blatant SPAM that was sent from a RoadRunner customer in
Can you put up the full received: headers?
It seems SA can't correctly parse the one from eis-msg-mx01, thus the trust-path code isn't aware of the RR system.
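
A simplified model of the trust-path walk discussed in this thread, added here as an illustration; it is not SpamAssassin's code and does not come from either poster. It assumes 137.78.0.0/16 as the trusted range, and the names `parse_relay`, `trust_path` and the `strict` switch are hypothetical: with `strict` off, a Received line with no IP literal is skipped (the behaviour the reply describes), with it on, that line ends the trusted path.

```python
import ipaddress
import re

# Assumption: the site's trusted range (the page only shows two trusted relay IPs).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("137.78.0.0/16", "127.0.0.0/8")]

# Received lines as quoted in the thread, "Received: " prefix removed.
HEADERS = [
    "from localhost by miplnewold.jpl.nasa.gov",
    "from mipl.jpl.nasa.gov (mipl.jpl.nasa.gov [::ffff:137.78.38.32])",
    "from eis-msg-mx01.jpl.nasa.gov (eis-msg-mx01.jpl.nasa.gov [137.78.160.64])",
    "from cpe-69-75-17-251.hawaii.rr.com by eis-msg-mx01.jpl.nasa.gov; "
    "Mon, 22 Nov 2004 22:07:57 -0800",
]

def parse_relay(header):
    """Return the relay's HELO name and IP (None when no [ip] literal is present)."""
    helo = re.match(r"from\s+(\S+)", header).group(1)
    m = re.search(r"\[([0-9A-Fa-f:.]+)\]", header)
    ip = None
    if m:
        try:
            ip = ipaddress.ip_address(m.group(1))
            ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
        except ValueError:
            ip = None
    elif helo == "localhost":
        ip = ipaddress.ip_address("127.0.0.1")  # model choice: local hand-off
    return {"helo": helo, "ip": ip}

def trust_path(headers, strict):
    """Walk newest to oldest; return (trusted, untrusted, all_trusted)."""
    trusted, untrusted, in_trusted = [], [], True
    for header in headers:
        relay = parse_relay(header)
        if relay["ip"] is None and not strict:
            continue  # lenient: the relay silently drops out of the path
        known = relay["ip"] is not None and any(relay["ip"] in n for n in TRUSTED_NETS)
        if in_trusted and known:
            trusted.append(relay)
        else:
            in_trusted = False  # everything older than this hop is untrusted
            untrusted.append(relay)
    return trusted, untrusted, not untrusted

if __name__ == "__main__":
    for strict in (False, True):
        t, u, all_trusted = trust_path(HEADERS, strict)
        print(f"strict={strict}: trusted={len(t)} untrusted={len(u)} all_trusted={all_trusted}")
```
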