I'm cross-posting this message here just to keep other Courier users in the
loop. I'm a long-time Courier user but not quite as long-time a SpamAssassin
user. I noticed a problem with false positives related to the default
settings in SA. Messages sent from my home machine to myself were being
detected as spam due to a score on the RCVD_IN_DYNABLOCK test which is
supposed to trip when the top received header indicates the mail was
received from an address in a dynamic pool - like a cable modem / etc.

My first concern is that, apparently due to the differences in Courier's vs.
sendmail's Received header formats, the first Courier header is not always
detected. Secondly, if I am sending to another user in my own system via
authenticated SMTP, the rule still triggers - even though my authentication
on the server should allow me some sort of "whitelist"-like status (my
humble opinion).

I'm assuming that someone on the SA side can fix the failure to detect the
first header, and hopefully the authentication issue as well (when the first
Received header shows "(AUTH: ..."). As this pertains to Courier specifically,
and it may be causing false positives, I thought I'd share it here.

Hope it helps - I'll post the resolution as well assuming there is one.

cheers.

Original message from SAtalk follows.

m/





With the help of Shane Williams (who received a message and showed me how it
passed his SA ok) I figured out the following:

Courier formats its Received lines like this (this trips
RCVD_IN_DYNABLOCK):

Received: from bigass1.XXX.com ([66.199.X.X])
  by slim1.XXX.com with esmtp; Tue, 06 Jan 2004 23:56:09 +0000
Received: from a1200 ([24.83.X.X])
  (AUTH: LOGIN [EMAIL PROTECTED])
  by bigass1.XXX.com with esmtp; Tue, 06 Jan 2004 23:56:09 +0000

Shane, I presume (by version numbers), is running sendmail - which has a
different Received format and DOESN'T trip RCVD_IN_DYNABLOCK:

Received: from bigass1.XXX.com (ns1.XXX.com [66.199.X.X])
        by fiat.XXX.edu (8.12.10/8.12.10) with ESMTP id i06MBJ6U020255
        for <[EMAIL PROTECTED]>; Tue, 6 Jan 2004 16:11:19 -0600
Received: from a1200 ([24.83.X.X])
  (AUTH: LOGIN [EMAIL PROTECTED])
  by bigass1.XXX.com with esmtp; Tue, 06 Jan 2004 22:09:53 +0000

So for starters, the "-notfirsthop" option seems to be missing my first
header.

And for seconds... I will still have a problem when my first header is
AUTHENTICATED.
If I send mail to myself, my ONLY received header looks like:

Received: from a1200 ([24.83.X.X])
  (AUTH: LOGIN [EMAIL PROTECTED])
  by bigass1.XXX.com with esmtp; Tue, 06 Jan 2004 23:56:09 +0000

Which I think should be ignored - although headers can be forged, the first
header can't - right? And if it says authenticated, I shouldn't be penalized
for sending mail to myself - right?

So now what - do I file a bug report? Or have I already put the info in the
right place?

Thanks a bunch for the tool - glad to do my bit - I imagine that this
problem affects all courier users. Unless I'm missing something?

Thanks!

m/

-----Original Message-----
From: Brian Sneddon [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 06, 2004 4:55 AM
To: 'Mitch (WebCob)'; [EMAIL PROTECTED]
Subject: RE: [SAtalk] RCVD_IN_DYNABLOCK,RCVD_IN_SORBS in 2.61 when
sending myself a test message?


Hi, Mitch.
Could you please provide more information regarding the mail server which is
running SpamAssassin?  Information such as which MTA it's using, how you're
calling SpamAssassin (procmail, milter, etc.), and whether the machine is on
a private NATed address will be helpful in troubleshooting your problem.


Thanks.
Brian
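
Added example, not part of the original messages and not SpamAssassin's or Courier's code: Python that parses both Received formats quoted in the thread and exempts a hop from a dynamic-pool DNSBL lookup only when the "(AUTH: ...)" marker was written by a relay the operator runs. The sample headers, host names and the trusted_relays parameter are assumptions made for illustration.

```python
import re

# Constructed sample modeled on the Courier headers quoted in the thread;
# hosts and addresses are documentation placeholders, not values from the page.
SAMPLE = (
    "Received: from relay.example.com ([192.0.2.10])\n"
    "  by mx.example.net with esmtp; Tue, 06 Jan 2004 23:56:09 +0000\n"
    "Received: from a1200 ([198.51.100.7])\n"
    "  (AUTH: LOGIN user@example.com)\n"
    "  by relay.example.com with esmtp; Tue, 06 Jan 2004 23:56:09 +0000\n"
)
# Constructed sendmail-style header (reverse DNS name inside the parentheses).
SENDMAIL = ("Received: from relay.example.com (ns1.example.com [192.0.2.10])\n"
            "\tby fiat.example.edu (8.12.10/8.12.10) with ESMTP id abc123\n")

# Matches "from HELO (rdns [ip])" (sendmail) and "from HELO ([ip])" (Courier).
FROM_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)")
AUTH_RE = re.compile(r"\(AUTH:\s*(\w+)")
BY_RE = re.compile(r"\bby\s+(\S+)")

def unfold(raw):
    """Join folded continuation lines; return one string per Received header."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line.lower().startswith("received:"):
            headers.append(line[len("received:"):].strip())
    return headers

def parse_hops(raw):
    """Return hops top-down as dicts: helo, rdns, ip, by, auth (mechanism or None)."""
    hops = []
    for header in unfold(raw):
        m = FROM_RE.search(header)
        if not m:
            continue  # unparseable hop: skipped here, a real filter should log it
        by, auth = BY_RE.search(header), AUTH_RE.search(header)
        hops.append({"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3),
                     "by": by.group(1) if by else None,
                     "auth": auth.group(1) if auth else None})
    return hops

def dnsbl_candidates(raw, trusted_relays):
    """IPs to look up in a dynamic-pool list. A hop is exempt only when the AUTH
    marker was written by a relay we run; AUTH text from other hosts may be forged."""
    return [h["ip"] for h in parse_hops(raw)
            if not (h["auth"] and h["by"] in trusted_relays)]
```

With trusted_relays empty, the authenticated submission hop is still checked, which is the false positive described in the thread.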




_______________________________________________
courier-users mailing list