Hi! Am 24.03.25 um 15:54 schrieb Matus UHLAR - fantomas:
On 24.03.25 15:19, Andreas Haumer wrote:Recently I noticed a (at least for me) very strange problem with a mailserver running sendmail + SpamAssassin: sometimes (not always!) the Received: header inserted by sendmail is completely wrong, triggering SpamAssassin rules like "T_DATE_IN_FUTURE_96_Q"More details: this is an internet-facing mail MX, currently running Debian 10 with sendmail 8.15.2 and spamass-milter 0.4.0note that with milter, current Received: header is NOT the one produced by MTA but by spamass-milter. The milter protocol provides message exactly as it came without local additions like Received: header. This also means that Received: header spamd sees as mail is being received is diferent than the one you see later. looking at logs I've had similar problem years ago: https://marc.info/?l=spamassassin-users&m=139282758624769&w=2 without success: https://marc.info/?l=spamassassin-users&m=139410750008972&w=2 and IIRC the working solution was to avoid sending 'b' macro at all, so spamass-milter generates its own.
Thank you! This was very important input! I now also found this on the Debian bug tracker: "spamass-milter adds bad Received: header, creating false positive" <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775183> As well as this: "confMILTER_MACROS_ENVRCPT should probably not contain {b} macro" <https://github.com/andybalholm/spamass-milter/issues/9> It seems I've hit a very old bug! I have now changed my milter configuration to: INPUT_MAIL_FILTER(`opendkim', `S=local:/var/run/opendkim/opendkim.sock') INPUT_MAIL_FILTER(`pyspf-milter', `S=local:/run/pyspf-milter/pyspf-milter.sock')dnl INPUT_MAIL_FILTER(`opendmarc', `S=local:/var/run/opendmarc/opendmarc.sock')dnl INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl define(`confMILTER_MACROS_ENVFROM',`{auth_authen}')dnl define(`confMILTER_MACROS_ENVRCPT',`i, j, r, v, Z, {auth_type}')dnl I now have the "b" macro in MILTER_MACROS_CONNECT only (as suggested by the debian bugreport) Now I have to wait and see if that helps. (Of course I restarted sendmail now so I have to look very carefully if the inserted "Received" header now contains the correct timestamp. Regards, - andreas -- Andreas Haumer *x Software + Systeme | mailto:andr...@xss.co.at Karmarschgasse 51/2/20 | https://www.xss.co.at/ A-1100 Vienna, Austria | Tel: +43-1-6060114
OpenPGP_signature.asc
Description: OpenPGP digital signature
