On 02/09/2015 01:53 PM, Kevin A. McGrail wrote:
On 2/9/2015 7:43 AM, rsmits-l wrote:
I have been reading some threads on the Internet about problems with
the field "X-Originating-IP" and the Spamhaus PBL list. We are also
having this problem. I have installed a workaround for this but it is not
working bulletproof.

I am wondering if there is a permanent solution for this? I am
running: SpamAssassin version 3.3.1
running on Perl version 5.10.1
amavisd-new : amavisd-new-2.8.0 (20120630)

The workaround I have made:

header OFFICE365_01 Received =~ /\.outbound\.protection\.outlook\.com/i
header OFFICE365_02 x-originating-ip =~ /^\[/

But I am also seeing some real spam coming from Microsoft so this is
not bulletproof.

Has anyone got information?

My guess is that if you check the email from the command line, it does
not fire against the RBL but something in the glue is either A)
synthesizing a header using the X-Originating-IP or the same IP; or B)
there is a logic case in SA that is hitting in the glue but not otherwise.

Someone else was mentioning this a few days ago using spamass-milter, I
believe.

Can you test the email from the command line? Can you provide a sample
on pastebin?

Regards,
KAM

A late reply, but this week I started investigating why this happens. I have edited a sample. If someone can take a look at why the PBL is firing here, it would be great.

http://pastebin.com/xxFAPTay

SpamAssassin output at my end is:

pts rule name              description
---- ---------------------- --------------------------------------------------
  10 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [151.66.59.47 listed in zen.spamhaus.org]
-0.1 OFFICE365_01           OFFICE365_01
 0.0 FSL_HELO_NON_FQDN_1    FSL_HELO_NON_FQDN_1
-0.1 OFFICE365_02           OFFICE365_02
 1.6 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
                            [151.66.59.47 listed in bb.barracudacentral.org]
 -10 OFFICE365_M            OFFICE365_M
 0.6 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
 1.5 TVD_SPACE_RATIO        TVD_SPACE_RATIO
 4.0 BOUNCE_MESSAGE         MTA bounce message
 0.1 ANY_BOUNCE_MESSAGE     Message is some kind of bounce message

Greetings, Richard Smits.
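
One way to see which header carries the address reported in the RBL hit above (an added example, not part of the original thread and not SpamAssassin code). The sample message is constructed rather than taken from the pastebin sample, and the function names are hypothetical; no DNS query is made.

```python
import email
import ipaddress
import re

# Constructed sample message; only 151.66.59.47 is taken from the report above.
SAMPLE = """\
Received: from mail-out.example.outbound.protection.outlook.com (mail-out.example.outbound.protection.outlook.com [198.51.100.25])
\tby mx.example.org with ESMTPS; Mon, 9 Feb 2015 12:00:00 +0100
Received: from CLIENTPC (10.1.2.3) by host.example.prod.outlook.com (10.4.5.6)
\twith HTTP; Mon, 9 Feb 2015 11:59:58 +0000
X-Originating-IP: [151.66.59.47]
From: user@example.com
To: someone@example.org
Subject: constructed test

body
"""

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def header_ips(raw):
    """Return (header name, occurrence index, IPv4Address) for each address
    found in the Received and X-Originating-IP headers, in message order."""
    msg = email.message_from_string(raw)
    found = []
    for name in ("Received", "X-Originating-IP"):
        for idx, value in enumerate(msg.get_all(name, [])):
            for cand in IPV4.findall(value):
                try:
                    found.append((name, idx, ipaddress.IPv4Address(cand)))
                except ValueError:  # e.g. 999.1.1.1 is not an address
                    continue
    return found

def dnsbl_qname(ip, zone):
    """Build the reversed-octet name a DNSBL lookup queries for this IP."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def explain_hit(raw, listed_ip, zone):
    """Report which headers contain the listed IP and the name that was queried."""
    target = ipaddress.IPv4Address(listed_ip)
    sources = [(n, i) for n, i, ip in header_ips(raw) if ip == target]
    only_xoip = bool(sources) and all(n == "X-Originating-IP" for n, _ in sources)
    return {"qname": dnsbl_qname(target, zone), "sources": sources,
            "only_originating": only_xoip}

if __name__ == "__main__":
    print(explain_hit(SAMPLE, "151.66.59.47", "zen.spamhaus.org"))
```

If `only_originating` is true for a real message, the listed address appears only in X-Originating-IP and not in any Received line.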
