Hi!

On 18.06.2015 00:39, RW wrote:
> On Wed, 17 Jun 2015 23:08:55 +0200
> Franz Schwartau wrote:
>
>> Hi!
>>
>> A few days ago I replaced AWL with TxRep. From time to time I get
>> unusually high scores caused by TxRep since then.
>>
>> So I started debugging the TxRep plugin a bit. The high scores are
>> caused by "HELO: localhost" after sa-learn of a spam mailbox.
>>
>> In check_senders_reputation() line 1252 reads:
>>
>> foreach my $rly ( @{$pms->{relays_trusted}},
>> @{$pms->{relays_untrusted}} ) {
>>
>> Thus every relay parsed from Received headers is used. This leads to
>> $helo = 'localhost' (line 1256) if there is no from in a Received
>> header.
> ...
>> I don't get why TxRep evaluates every relay in line 1252 and
>> following. Shouldn't it just use the latest relay?
>
> As far as I can see it does. It works its way back through the headers
> setting $helo as it goes, so $helo ends up being set on the last
> received header tested that matches the criteria (the last tested being
> from the lowest received header in the email).

Yes, TxRep right now uses the _last_ Received header. IMHO it should use
the _latest_ Received header, only.

Let's have a look at the following series of Received headers which cause
the problem:

Received: from mail-wi0-f175.google.com (mail-wi0-f175.google.com [209.85.212.175])
        by mx1.domain.com (envelope-sender <ale...@price2spy.com>) (MIMEDefang) with ESMTP id t5HJ97If029681
        for <recipi...@domain.com>; Wed, 17 Jun 2015 21:09:10 +0200
Received: by wiwd19 with SMTP id d19so1242876wiw.0
        for <recipi...@domain.com>; Wed, 17 Jun 2015 12:09:07 -0700 (PDT)
Received: from localhost ([188.95.50.54])
        by mx.google.com with ESMTPSA id ka7sm8287084wjc.36.2015.06.17.12.09.06
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Wed, 17 Jun 2015 12:09:07 -0700 (PDT)

The last (third) Received header causes $helo to be set to 'localhost'.
It would make more sense if TxRep uses the latest (first) Received
header setting $helo to 'mail-wi0-f175.google.com'.

Best regards
Franz
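
The two selection rules discussed in this thread, as an added Perl example that is not TxRep's code and not part of the original message. The relay hash layout with `helo` and `ip` keys, the helper names and the "non-empty helo" criterion are assumptions, and the relay data is constructed from the Received headers quoted above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for $pms: relay entries ordered newest hop first,
# built from the Received headers quoted in the message. Only the two
# headers that carry a "from" clause are modelled here (assumption).
my $pms = {
    relays_trusted   => [],
    relays_untrusted => [
        { helo => 'mail-wi0-f175.google.com', ip => '209.85.212.175' },
        { helo => 'localhost',                ip => '188.95.50.54'   },
    ],
};

# Behaviour under discussion: every matching relay overwrites $helo, so
# the value from the lowest (oldest) Received header survives the loop.
sub helo_last_match {
    my ($pms) = @_;
    my $helo;
    foreach my $rly (@{$pms->{relays_trusted}}, @{$pms->{relays_untrusted}}) {
        next unless defined $rly->{helo} && length $rly->{helo};
        $helo = $rly->{helo};
    }
    return $helo;
}

# Proposed behaviour: stop at the first matching relay, i.e. the topmost
# Received header, written by the receiving MX itself.
sub helo_first_match {
    my ($pms) = @_;
    foreach my $rly (@{$pms->{relays_trusted}}, @{$pms->{relays_untrusted}}) {
        next unless defined $rly->{helo} && length $rly->{helo};
        return $rly->{helo};
    }
    return;
}

printf "last match:  %s\n", helo_last_match($pms);
printf "first match: %s\n", helo_first_match($pms);
```

The lower Received headers are written by hosts outside the recipient's control, so a reputation key derived from them can be shared by unrelated senders whose clients announce the same HELO.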