I am using Spamassassin 3.2.4-1ubuntu1.1. Spamassassin is used by my Exim
server with spamd.
The problem is have is that sometimes I get RBL hits eventhrough the sender
is using a valid smarthost.
Example:
Received: from fmmailgate04.web.de ([217.72.192.242])
by myMailServer with esmtp (Exim 4.69)
(envelope-from <x...@web.de>)
id 1MP2VJ-0002cW-7J
for myEmailAddress; Fri, 10 Jul 2009 00:54:17 +0200
Received: from web.de
by fmmailgate04.web.de (Postfix) with SMTP id 784E0617C621
for <myEmailAddress>; Fri, 10 Jul 2009 00:54:08 +0200 (CEST)
Received: from [213.39.158.25] by freemailng0206.web.de with HTTP;
Fri, 10 Jul 2009 00:54:06 +0200
Date: Fri, 10 Jul 2009 00:54:06 +0200
Message-Id: <1160922...@web.de>
MIME-Version: 1.0
From: x...@web.de
To: myExmailAdress
Subject: blabla
Precedence: fm-user
Organization: http://freemail.web.de/
X-Provags-Id: V01U2FsdGVkX18lP5sKSYPx3TgWHEN1Z7L2NW5G+X9Sks0ysU4QuxLtgDrif
soaQGoAe2gbxmEtxcXfIJQCtJ44ojT8Zmcm0H6ShN663CUEajdFvPtO4mHtn
w==
Content-Type: text/plain; charset=iso-8859-15
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.4 (/)
X-Spam-Report: Spam report:
If you have any questions, see postmas...@dwsa.de for details.
Content analysis details: (-0.4 points)
pts rule name description
---- ----------------------
--------------------------------------------------
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
1.4 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76
chars
1.6 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
[213.39.158.25 listed in combined.njabl.org]
-0.8 AWL AWL: From: address is in the auto white-list
As you see the sender is using web.de (a large German freemail service) as a
smarthost. The web.de server (217.72.192.242 ) which delivered the email to
my exim is not listed in any rbl ist but the address the sender used to
deliver the email to the web.de smarthost (213.39.158.25) is.
As far as I understand SpamAssassin is supposed to just check the ip that
directly delivered the email to my server but not the IP the email is
originally from (as that woundn't make any sense as almost everyone is using
dyn ips...).
I would really appreciate some hints what is going wrong here and how to fix
that.
Thanks!
Danusch
--
View this message in context:
http://www.nabble.com/rbl-dnsbl-seems-to-use-wrong-ip-sometimes-tp24443359p24443359.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
