[9060] dbg: Botnet: starting
[9060] dbg: Botnet: no trusted relays
[9060] dbg: Botnet: get_relay didn't find RDNS
[9060] dbg: Botnet: IP is '169.200.184.174'
[9060] dbg: Botnet: RDNS is 'sls-sn-smtp-pmail3.wachovia.com'
[9060] dbg: Botnet: HELO is 'sls-sn-smtp-pmail3.wachovia.com'
[9060] dbg: Botnet: sender '[EMAIL PROTECTED]'
[9060] dbg: Botnet: miss (none)

These are Botnet plugin messages; they have nothing to do with the normal whitelist_from_rcvd check.


[9060] dbg: spf: def_spf_whitelist_from: already checked spf and didn't get pass, skipping whitelist check
[9060] dbg: spf: whitelist_from_spf: already checked spf and didn't get pass, skipping whitelist check

This is whitelist_from_spf, not whitelist_from_rcvd, and what it concludes here shouldn't have an effect on anything else.


Original received header:

Received: from sls-sn-smtp-pmail3.wachovia.com [169.200.184.174] by
mail.visioncomm.net with ESMTP
 (SMTPD32-8.15) id A1253F3B0064; Wed, 02 Jan 2008 03:53:57 -0500

Hacked received header:

Received: from 169.200.184.174 (EHLO sls-sn-smtp-pmail3.wachovia.com
(169.200.184.174)
  by mail.visioncomm.net with ESMTP (SMTPD32-8.15) id A1253F3B0064;
  Wed, 02 Jan 2008 03:53:57 -0500

It appears to me that there is a missing paren in the hacked header, and probably it should have been more like:

Received: from 169.200.184.174 (EHLO sls-sn-smtp-pmail3.wachovia.com
[169.200.184.174])
  by mail.visioncomm.net with ESMTP (SMTPD32-8.15) id A1253F3B0064;
  Wed, 02 Jan 2008 03:53:57 -0500


Moving on to other parts of the debug output that are maybe more interesting:

[9060] dbg: metadata: X-Spam-Relays-Trusted:

There are no trusted relays.

[9060] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=169.200.184.174 rdns= helo=sls-sn-smtp-pmail3.wachovia.com by=mail.visioncomm.net ident= envfrom= intl=0 id=A1253F3B0064 auth= msa=0 ] [ ip=172.21.194.240 rdns=p9mpw011.csm.fub.com helo=p9mpw011 by=sls-sn-smtp-pmail3.wachovia.com ident= envfrom= intl=0 id=m028ruM17943 auth= msa=0 ]

The first untrusted relay (169.200.184.174) has a HELO but doesn't have an RDNS. I'm not positive, but I think you need both to get whitelist_from_rcvd to work.


[9060] dbg: metadata: X-Spam-Relays-Internal:
[9060] dbg: metadata: X-Spam-Relays-External: [ ip=169.200.184.174 rdns= helo=sls-sn-smtp-pmail3.wachovia.com by=mail.visioncomm.net ident= envfrom= intl=0 id=A1253F3B0064 auth= msa=0 ] [ ip=172.21.194.240 rdns=p9mpw011.csm.fub.com helo=p9mpw011 by=sls-sn-smtp-pmail3.wachovia.com ident= envfrom= intl=0 id=m028ruM17943 auth= msa=0 ]
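
The relay metadata quoted above can be checked mechanically. The following is an added example, not part of the original message and not SpamAssassin's own code: it parses the X-Spam-Relays-Untrusted string from the debug output and applies a simplified model of a whitelist_from_rcvd entry, assuming the entry's second parameter is compared against the relay's rdns field. The sender address, the function names and the "fixed" relay are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Taken from the debug line quoted in the message (line wrap joined).
RELAYS_UNTRUSTED = (
    "[ ip=169.200.184.174 rdns= helo=sls-sn-smtp-pmail3.wachovia.com "
    "by=mail.visioncomm.net ident= envfrom= intl=0 id=A1253F3B0064 auth= msa=0 ] "
    "[ ip=172.21.194.240 rdns=p9mpw011.csm.fub.com helo=p9mpw011 "
    "by=sls-sn-smtp-pmail3.wachovia.com ident= envfrom= intl=0 id=m028ruM17943 "
    "auth= msa=0 ]"
)

def parse_relays(metadata):
    """Split an X-Spam-Relays-* string into one dict per [ ... ] relay block."""
    relays = []
    for block in re.findall(r"\[\s*([^\]]*?)\s*\]", metadata):
        # key=value pairs; an empty value (e.g. "rdns=") is kept as "".
        relays.append(dict(re.findall(r"(\w+)=(\S*)", block)))
    return relays

def rcvd_whitelist_check(sender, relay, addr_glob, rdns_domain):
    """Simplified model (assumption): sender must match the address glob and
    the relay's rdns must equal or be a subdomain of rdns_domain."""
    if not fnmatchcase(sender.lower(), addr_glob.lower()):
        return False, "sender does not match address pattern"
    rdns = relay.get("rdns", "").lower().rstrip(".")
    if not rdns:
        return False, "relay has no rdns to compare"
    domain = rdns_domain.lower()
    if rdns == domain or rdns.endswith("." + domain):
        return True, "rdns matches"
    return False, "rdns is outside the whitelisted domain"

relays = parse_relays(RELAYS_UNTRUSTED)
first = relays[0]
SENDER = "sender@wachovia.com"  # constructed; the real address is redacted on the page

# As logged: HELO is present but rdns is empty, so the check cannot succeed.
print(rcvd_whitelist_check(SENDER, first, "*@wachovia.com", "wachovia.com"))

# Constructed: the same relay if the Received header had carried the rDNS name.
fixed = dict(first, rdns="sls-sn-smtp-pmail3.wachovia.com")
print(rcvd_whitelist_check(SENDER, fixed, "*@wachovia.com", "wachovia.com"))
```

The HELO name is deliberately ignored by the check: it is supplied by the connecting host, whereas the rdns field is looked up by the receiving server.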

