On Monday, November 23, 2015 at 10:38:20AM +0100, Reindl Harald wrote:
> > $ fgrep RDNS_NONE /tmp/apache.d
> > nov 23 08:30:06.666 [2204] dbg: rules: ran header rule __RDNS_NONE ======>
> > got hit: "[ ip=140.211.11.3 rdns= "
> >
> > you can find the full -D output of such a mail here:
> >
> > http://www.unixarea.de/apache.d.txt
>
> post the full headers of that message
>

Here it is:

>From users-return-110371-guru=unixarea...@spamassassin.apache.org Mon Nov 23 07:12:54 2015
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on c720-r276659
X-Spam-Level: *
X-Spam-Status: No, score=1.5 required=3.0 tests=FREEMAIL_FORGED_FROMDOMAIN,
        FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,RDNS_NONE autolearn=no
        autolearn_force=no version=3.4.0
X-Spam-Report: +
        * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
        *     (rwmaillists[at]googlemail.com)
        * 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
        *     domains are different
        * 0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and
        *     EnvelopeFrom freemail headers are different
        * 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
Received: from c720-r276659 (c720-r276659 [127.0.0.1])
        by localhost.unixarea.de (8.14.9/8.14.9) with ESMTP id tAN6CrU3001029
        for <guru@localhost>; Mon, 23 Nov 2015 07:12:54 +0100 (CET)
        (envelope-from users-return-110371-guru=unixarea...@spamassassin.apache.org)
Delivered-To: <w51246_0-g...@mb-19.1blu.de>
Received: from imap.1blu.de [178.254.4.78]
        by c720-r276659 with IMAP (fetchmail-6.3.26)
        for <guru@localhost> (single-drop); Mon, 23 Nov 2015 07:12:54 +0100 (CET)
Received: from ms-10.1blu.de ([178.254.4.101])
        by mb-19.1blu.de (Dovecot) with LMTP id WZG0HMExUlZlagAAYCFinw
        for <w51246_0-g...@mb-19.1blu.de>; Sun, 22 Nov 2015 22:24:11 +0100
Received: from [140.211.11.3] (helo=mail.apache.org)
        by ms-10.1blu.de with smtp (Exim 4.76)
        (envelope-from <users-return-110371-guru=unixarea...@spamassassin.apache.org>)
        id 1a0c7H-0003WU-3m
        for g...@unixarea.de; Sun, 22 Nov 2015 22:24:11 +0100
Received: (qmail 23115 invoked by uid 500); 22 Nov 2015 21:24:07 -0000
Mailing-List: contact users-h...@spamassassin.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:users-h...@spamassassin.apache.org>
list-unsubscribe: <mailto:users-unsubscr...@spamassassin.apache.org>
List-Post: <mailto:users@spamassassin.apache.org>
List-Id: <users.spamassassin.apache.org>
Delivered-To: mailing list users@spamassassin.apache.org
Received: (qmail 23105 invoked by uid 99); 22 Nov 2015 21:24:07 -0000
Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142)
        by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 22 Nov 2015 21:24:07 +0000
Received: from localhost (localhost [127.0.0.1])
        by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org)
        with ESMTP id 10C71180A17
        for <users@spamassassin.apache.org>; Sun, 22 Nov 2015 21:24:07 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
Authentication-Results: spamd3-us-west.apache.org (amavisd-new);
        dkim=pass (2048-bit key) header.d=googlemail.com
Received: from mx1-us-east.apache.org ([10.40.0.8])
        by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024)
        with ESMTP id d2vGlDbDpKNY
        for <users@spamassassin.apache.org>; Sun, 22 Nov 2015 21:23:53 +0000 (UTC)
Received: from mail-wm0-f54.google.com (mail-wm0-f54.google.com [74.125.82.54])
        by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org)
        with ESMTPS id EE565439E9
        for <users@spamassassin.apache.org>; Sun, 22 Nov 2015 21:23:52 +0000 (UTC)
Received: by wmvv187 with SMTP id v187so136485059wmv.1
        for <users@spamassassin.apache.org>; Sun, 22 Nov 2015 13:23:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20120113;
        h=date:from:to:subject:message-id:in-reply-to:references:mime-version
         :content-type:content-transfer-encoding;
        bh=riWYFS9v30NIoy9Voy257GkAZ5ONIg1yqUCyMesK1wE=;
        b=buHdP/ePl7rfHA3zDzs8SvG0RtFiy3Za8rZdhS8f/G0JVI7fm9ErVtcSQ2z/cnB385
         eVrk/TZCsPC4jACfyHND07kNlIg5h7dNUcJvP0v4pgdAa8nDIt9OHYBoexBdSueP4srb
         uBUawjk1dGF2/7P/suZutYLVEGN5OAqPQfEdwrGjjuYT9/YgG5CxcwCH/jCkausJNLu8
         Llz0fDgnqhKppk8yLwnEu9o8WkCWzEWYwToFeXX+h5WMOjPgmYdI36c8iLpS9U8kPWFH
         DgINSnOGl2m4pg3AHh471+mlKXmOjXoj00B4dA/ERqRByqQ4aUcciNyZD/k2OFxHfp2Q
         qunw==
X-Received: by 10.28.73.11 with SMTP id w11mr12028997wma.44.1448227425868;
        Sun, 22 Nov 2015 13:23:45 -0800 (PST)
Received: from gumby.homeunix.com ([94.8.70.38])
        by smtp.gmail.com with ESMTPSA id cl5sm10192205wjc.29.2015.11.22.13.23.42
        for <users@spamassassin.apache.org>
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sun, 22 Nov 2015 13:23:43 -0800 (PST)
Date: Sun, 22 Nov 2015 21:23:40 +0000
From: RW <rwmailli...@googlemail.com>
To: users@spamassassin.apache.org
Subject: Re: question re/ RDNS_NONE
Message-ID: <20151122212340.239a9...@gumby.homeunix.com>
In-Reply-To: <by2pr02mb1315dc0995e438646e0566d0c6...@by2pr02mb1315.namprd02.prod.outlook.com>
References: <20151121151553.GA2953@c720-r276659>
        <by2pr02mb13156f386c213d7e5fd55f58c6...@by2pr02mb1315.namprd02.prod.outlook.com>
        <20151121194328.6ca61...@gumby.homeunix.com>
        <by2pr02mb1315dc0995e438646e0566d0c6...@by2pr02mb1315.namprd02.prod.outlook.com>
X-Mailer: Claws Mail 3.13.0 (GTK+ 2.24.28; amd64-portbld-freebsd10.2)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Envelope-To: g...@unixarea.de
Status: RO
Content-Length: 2168
Lines: 60

On Sun, 22 Nov 2015 13:39:49 +0000
David Jones wrote:

> >From: RW <rwmailli...@googlemail.com>
> > by ms-10.1blu.de with esmtpsa
> > (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
>
> >This is a submission header, so the DNS of 93.104.16.254 doesn't
> >matter.
>
> Thank you for pointing that out. Also now that we know that SA is
> running on a local netbook, it would make sense that the problem
> server is 178.254.4.77. Its SMTP HELO is imap.1blu.de but its
> forward and reverse DNS is mf-13.1blu.de.

That won't be a problem, a fetchmail header cannot be recognised as the
edge of the internal network. It's not a test for full-circle DNS. And
as I pointed out, the next header down was the one that triggered
RDNS_NONE in the absence of any trusted or internal network.

> Interesting that this
> Received header was added via IMAP.
>
> That IP or subnet could be added to the trusted_networks list if
> it's always going to be in there. If it's the ISP's hosting mail
> server then it needs to be skipped to get back to the first public IP
> that sent to smtp.1blu.de. The server before smtp.1blu.de should
> be the one where all of the network checks are done.

There shouldn't be any such tests on this email because it was
submitted directly into the service provider's network. This means that
the mail passed through a different route compared to normal delivery.
Getting the internal/trusted networks right for this kind of mail is
often significantly more difficult than dealing with the normal case,
and may be more trouble than it's worth on a network you don't control.
A test email that's sent through a third-party mail service is much
more representative as a test.

> https://wiki.apache.org/spamassassin/Rules/RDNS_NONE
>
> RDNS_NONE checks more than just the PTR (reverse) DNS record.
> It really should be named FCRDNS_NONE

Then the wiki is wrong.

header __RDNS_NONE    X-Spam-Relays-External =~ /^[^\]]+rdns= /
header __DOMINO_RCVD  Received =~ /by \S+ \(Lotus Domino /
header __CGATE_RCVD   Received =~ /by \S+ \(CommuniGate Pro/
meta   RDNS_NONE      (__RDNS_NONE && !__CGATE_RCVD && !__DOMINO_RCVD)

-- 
Matthias Apitz, ✉ g...@unixarea.de, 🌐 http://www.unixarea.de/ ☎ +49-176-38902045
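
Added example, not part of the original message and not SpamAssassin's own code: a Python model of the rule definitions quoted above, showing that `__RDNS_NONE` only inspects the first entry of `X-Spam-Relays-External`, so the internal network boundary decides which hop is tested. The boundary walk in `external_relays`, the abbreviated pseudo-header rendering and the `example.*` chain are assumptions made for illustration; only the 140.211.11.3 hop comes from the message.

```python
import ipaddress
import re

# Patterns copied from the rule definitions quoted in the message above.
RDNS_NONE = re.compile(r"^[^\]]+rdns= ")
DOMINO_RCVD = re.compile(r"by \S+ \(Lotus Domino ")
CGATE_RCVD = re.compile(r"by \S+ \(CommuniGate Pro")


def external_relays(relays, internal_networks):
    """Simplified boundary walk (assumption): drop leading hops, newest
    first, whose connecting IP lies inside internal_networks."""
    nets = [ipaddress.ip_network(n) for n in internal_networks]
    for i, hop in enumerate(relays):
        if not any(ipaddress.ip_address(hop["ip"]) in n for n in nets):
            return relays[i:]
    return []


def render(relays):
    """Abbreviated X-Spam-Relays-External string (real entries carry more fields)."""
    return " ".join("[ ip={ip} rdns={rdns} helo={helo} by={by} ]".format(**h) for h in relays)


def rdns_none(relays, internal_networks=(), received_headers=()):
    """Evaluate the RDNS_NONE meta rule against the modelled relay path."""
    ext = render(external_relays(relays, internal_networks))
    cgate = any(CGATE_RCVD.search(h) for h in received_headers)
    domino = any(DOMINO_RCVD.search(h) for h in received_headers)
    return bool(RDNS_NONE.search(ext)) and not cgate and not domino


# Hop reported in the debug output above: the receiving MX recorded no rDNS.
PAGE_CHAIN = [{"ip": "140.211.11.3", "rdns": "", "helo": "mail.apache.org",
               "by": "ms-10.1blu.de"}]

# Constructed chain (documentation addresses): an internal delivery hop with
# no rDNS sits in front of the real edge hop, which does have rDNS.
CONSTRUCTED_CHAIN = [
    {"ip": "198.51.100.5", "rdns": "", "helo": "mx.example.net", "by": "store.example.net"},
    {"ip": "192.0.2.10", "rdns": "mail.example.org", "helo": "mail.example.org", "by": "mx.example.net"},
]
```

With no internal networks defined, `rdns_none(CONSTRUCTED_CHAIN)` fires on the internal delivery hop; passing `["198.51.100.0/24"]` moves the boundary so the edge hop with recorded rDNS is the one tested.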