ham marked as spam: bogus IP in report

Mon, 23 Jan 2012 08:51:14 -0800 

Hi,

recently, my spamassassin started to score system messages as spam,
mentioning IP numbers not in the email:



Return-Path: <x...@w1.oeko.net>
Delivered-To: xx...@oeko.net
Received: from localhost (localhost [127.0.0.1])
        by w3.oeko.net (Postfix) with ESMTP id AB1E725CEA
        for <supp...@oeko.net>; Sun, 22 Jan 2012 04:17:01 +0100 (CET)
X-Spam-Flag: YES
X-Spam-Score: 8.101
X-Spam-Level: ********
X-Spam-Status: Yes, score=8.101 tagged_above=-1 required=5
        tests=[CHECK_SPAMHAUS_ZEN=2, DKIM_ADSP_NXDOMAIN=0.8,
        NO_DNS_FOR_FROM=0.379, RCVD_IN_PBL=3.558, RCVD_IN_SORBS_DUL=0.001,
        RDNS_DYNAMIC=0.363, TO_NO_BRKTS_DYNIP=1] autolearn=unavailable
X-Spam-Report:
 *  0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records
 *  2.0 CHECK_SPAMHAUS_ZEN RBL: SPAMHAUS_ZEN: IP is listed in Spamhaus' ZEN
 *      list
 *      [91.0.104.164 listed in zen.spamhaus.org]
 *  3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
 *  0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in DNS
 *  0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
 *      [91.0.104.164 listed in dnsbl.sorbs.net]
 *  0.4 RDNS_DYNAMIC Delivered to internal network by host with
 *      dynamic-looking rDNS
 *  1.0 TO_NO_BRKTS_DYNIP TO_NO_BRKTS_DYNIP
Received: from w3.oeko.net ([127.0.0.1])
        by localhost (w3.oeko.net [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id zbFw-kX9Fx8M for <supp...@oeko.net>;
        Sun, 22 Jan 2012 04:17:01 +0100 (CET)
Received: from w1.oeko.net (w1.oeko.net [46.29.42.1])
        by w3.oeko.net (Postfix) with ESMTP
        for <supp...@oeko.net>; Sun, 22 Jan 2012 04:17:01 +0100 (CET)
Received: by w1.oeko.net (Postfix)
        id 6697817DC8; Sun, 22 Jan 2012 04:17:01 +0100 (CET)
Delivered-To: x...@w1.oeko.net
Received: by w1.oeko.net (Postfix, from userid 118)
        id 637D417DC7; Sun, 22 Jan 2012 04:17:01 +0100 (CET)
From: r...@w1.oeko.net (Cron Daemon)
To: hostmas...@w1.oeko.net
Subject: Cron <nsd@w1> test -x /usr/sbin/nsdc && /usr/sbin/nsdc patch (failed)
Content-Type: text/plain; charset=UTF-8
X-Cron-Env: <MAILTO=hostmaster>
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/home/nsd>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=nsd>
Message-Id: <20120122031701.637d417...@w1.oeko.net>
Date: Sun, 22 Jan 2012 04:17:01 +0100 (CET)



The report prominently mentions the IP number 91.0.104.164, which has
absolutely nothing to do with us, and likewise, the server w1.oeko.net
_does_ actually have an A record. This is SpamAssassin 3.3.1 on
Debian/Squeeze, run from amavisd-new.


Am I looking at a bug in SA? And/Or, how do I debug this, please?



Kind regards,
--Toni++

Reply via email to