On 8/24/06, D. J. <[EMAIL PROTECTED]> wrote:
D.J. wrote:
> Hello all.
>
> I searched my archive of the list, and couldn't find a similar issue.
> This is probably something I've misconfigured, but here goes. Running
> SA 3.14 via the Mail::SpamAssassin Perl plugin from amavisd-new. Have
> been running into a problem where some dynamic RBL lists are firing just
> because the IP is in the headers, not necessarily because it's the IP
> talking to my MTA. They are indeed IPs in the list but shouldn't be
> firing because they're really using their ISP's mail servers as you can
> see later in the headers. I'm *really* hoping this isn't intended
> operation and it's just something I've blundered somehow. Below is a
> piece of one of the message notifications I receive. I've been watching
> this on a couple small domains I own before putting it on our main one,
> and it's a good thing!
>
> Thanks in advance for the help.
>
> - D.J.
>
>
> Content analysis details: ( 10.9 points, 5.0 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 1.4 MSGID_FROM_MTA_ID Message-Id for external message added locally
> -0.0 SPF_PASS SPF: sender matches SPF record
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
> [score: 0.4964]
> 2.2 RCVD_IN_SORBS_SOCKS RBL: SORBS: sender is open SOCKS proxy server
> [ 24.140.8.46 <http://24.140.8.46 > listed in
> dnsbl.sorbs.net < http://dnsbl.sorbs.net>]
> 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
> address
> [24.140.8.46 < http://24.140.8.46> listed in
> dnsbl.sorbs.net <http://dnsbl.sorbs.net>]
> 2.6 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
> < http://list.dsbl.org>
> [<http://dsbl.org/listing?24.140.8.46 >]
> 0.7 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
> [24.140.8.46 < http://24.140.8.46> listed in
> combined.njabl.org < http://combined.njabl.org>]
> 1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
> [24.140.8.46 <http://24.140.8.46> listed in
> combined.njabl.org <http://combined.njabl.org>]
> 1.8 MISSING_SUBJECT Missing Subject: header
> -1.8 AWL AWL: From: address is in the auto white-list
>
> Return-Path: <protected>
> Received: from smtp-1.sssnet.com <http://smtp-1.sssnet.com>
> ( nat-147.sssnet.com <http://nat-147.sssnet.com > [24.140.1.147
> < http://24.140.1.147>])
> by test.sssnet.com < http://test.sssnet.com> (Postfix) with ESMTP
> id 663292B803E
> for <protected>; Wed, 23 Aug 2006 14:58:41 -0400 (EDT)
> Received: (qmail 11376 invoked by uid 507); 23 Aug 2006 18:58:42 -0000
> Received: from 24.140.8.46 < http://24.140.8.46> by smtp-1.sssnet.com
> < http://smtp-1.sssnet.com> (envelope-from <protected>, uid 501) with
> qmail-scanner-1.25st
> (clamdscan: 0.88.2/1715. spamassassin: 3.0.3. perlscan: 1.25st.
> Clear:RC:1( 24.140.8.46 <http://24.140.8.46>):SA:0(1.2/14.0):.
> Processed in 0.727458 secs); 23 Aug 2006 18:58:42 -0000
> X-Spam-Status: No, hits=1.2 required=14.0
> X-Spam-Level: +
> Received: from cable-8-46.sssnet.com < http://cable-8-46.sssnet.com>
> (HELO SERVER) ([ 24.140.8.46 <http://24.140.8.46>])
> (envelope-sender <protected>)
> by 0 ( qmail-ldap-1.03) with SMTP
> for <protected>; 23 Aug 2006 18:58:41 -0000
> From: "Sue Repp" <protected>
> To: "'Mary Richardson'" <protected>
> Subject:
> Date: Wed, 23 Aug 2006 14:58:53 -0400
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="----=_NextPart_000_0000_01C6C6C4.ABD60F20"
> X-Mailer: Microsoft Office Outlook, Build 11.0.5510
> Thread-Index: AcbG5izxOwnp3dUpR7iOx6AZ33ceQQ==
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
> X-Qmail-Scanner-Message-ID: <[EMAIL PROTECTED]
> <mailto: [EMAIL PROTECTED]>>
> Message-Id: <[EMAIL PROTECTED]
> <mailto: [EMAIL PROTECTED]>>
On 8/23/06, Stuart Johnston < [EMAIL PROTECTED]> wrote:
As a quick guess, you probably need to fix your Trust Path:
http://wiki.apache.org/spamassassin/TrustPathNo, I've got that set properly, as I didn't trust the autodiscovery. So I've already entered the class C for my MX's and SMTP's there for both trusted_networks and internal_networks.
