> [EMAIL PROTECTED] wrote:
> > The following email to me gets through by their spoofing my IP even though
> > it clearly comes from somewhere else. I remember someone mentioning a
> > trusted_networks-like setting that used something like an
> > apparently_received_from name or something similar. How do I set it up?
> > Just a pointer to a DOC will suffice, unless you've had trouble setting it
> > up...
> >
> > I've searched google and have found some cryptic stuff but am new enough
> > to this to ask for help. I hope this isn't so elementary that I'm
> > annoying.
> >
> > <<< start email header >>>
> >
> > Return-Path: <[EMAIL PROTECTED]>
> > X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on
> >      moroni.ourldsfamily.com
> > X-Spam-Status: No, score=-89.8 required=0.8 tests=AWL,INVALID_TZ_EST,
> >      MIME_BOUND_DD_DIGITS,MSGID_DOLLARS_RANDOM,RCVD_HELO_IP_MISMATCH,
> >      RCVD_IN_SORBS_SOCKS,RCVD_IN_WHOIS_BOGONS,RCVD_NUMERIC_HELO,
> >      UNPARSEABLE_RELAY,USER_IN_WHITELIST,X_MESSAGE_INFO autolearn=no
>
> Hi,
>
> You want to look at USER_IN_WHITELIST_TO or USER_IN_WHITELIST_FROM, not
> your current setting of USER_IN_WHITELIST in your local.cf or user_prefs.
>
> Regards,
>
> Rick
>

I've run across a similar issue and believe it to be a bug in the way
SpamAssassin handles WHITELIST_FROM_RCVD.

According to the docs, whitelist_from_rcvd matches what you've specified as
an ok rDNS location "against the reverse DNS lookup used during the handover
from the internet to your internal network's mail exchangers."

However, if you look at the received header Karl posted:
Received: from 198.60.114.90 ([200.167.92.14])
                              ^^^^^^^^^^^^^^^
     by moroni.ourldsfamily.com (8.12.5/8.12.5) with SMTP id jAAHFTBO030068
     for <[EMAIL PROTECTED]>; Thu, 10 Nov 2005 10:15:31 -0700

and check the IP address this message came from, no PTR records exist for
this IP so his system can't do a reverse DNS lookup.  For some reason, in
this case SpamAssassin seems to trust the "from 198.60.114.90" part of the
header as the source of the message, which if I understand my mail headers
properly comes from the easily forged HELO exchange.  (Of course, I could be
wrong about this.)

My guess is that Karl's config file has something like
WHITELIST_FROM_RCVD [EMAIL PROTECTED] 198.60.114.90

causing SpamAssassin to trigger the USER_IN_WHITELIST rule, even though this
message was not really received from his trusted IP.

Someone correct me if I'm wrong about the way I'm reading my headers;
otherwise I probably will file the bugzilla!

Sandy
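
Added example (not part of the message above and not SpamAssassin's own code): a Python sketch that splits a sendmail-style Received line, like the one quoted in the message, into the client-supplied HELO string and the bracketed peer address the receiving server recorded, and checks a trust list only against the latter. The function names and the second sample header are constructed for illustration.

```python
import re

# Sendmail-style hop: "from HELO ([ip])" or "from HELO (rdns [ip])".
# HELO is whatever the client typed; the bracketed IP is the TCP peer
# address the receiving server saw.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)

# First header: the Received line quoted in the message above.
PAGE_HEADER = """from 198.60.114.90 ([200.167.92.14])
     by moroni.ourldsfamily.com (8.12.5/8.12.5) with SMTP id jAAHFTBO030068"""
# Second header: constructed sample with a reverse DNS name present.
CONSTRUCTED_HEADER = ("from foo (mail.example.net [192.0.2.25]) "
                      "by mx.example.org with ESMTP id 0000")

def parse_hop(header):
    """Return the HELO claim, rDNS name (or None) and peer IP of one hop."""
    match = HOP_RE.search(" ".join(header.split()))  # unfold continuation lines
    return match.groupdict() if match else None

def peer_is_trusted(header, trusted_ips=(), trusted_domains=()):
    """Match the trust list against the recorded peer only, never the HELO."""
    hop = parse_hop(header)
    if hop is None:
        return False  # unparseable header: fail closed
    if hop["ip"] in trusted_ips:
        return True
    rdns = (hop["rdns"] or "").lower().rstrip(".")
    return any(rdns == d or rdns.endswith("." + d) for d in trusted_domains)

def helo_disagrees_with_peer(header):
    """True when a numeric HELO names a different address than the peer."""
    hop = parse_hop(header)
    numeric = hop is not None and re.fullmatch(r"[0-9.]+", hop["helo"])
    return bool(numeric) and hop["helo"] != hop["ip"]

if __name__ == "__main__":
    print(parse_hop(PAGE_HEADER))
    print(peer_is_trusted(PAGE_HEADER, trusted_ips={"198.60.114.90"}))
    print(helo_disagrees_with_peer(PAGE_HEADER))
```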
