https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6334

           Summary: RCVD_IN_PBL false positives against IMP "Received"
                    header
           Product: Spamassassin
           Version: 3.3.0
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: critical
          Priority: P5
         Component: Rules
        AssignedTo: [email protected]
        ReportedBy: [email protected]


The IMP web-based email client (http://www.horde.org/imp) writes a "Received:"
header to messages containing the current IP address of the logged-in sender. 
The header is almost identical to those generated by Exim or Sendmail except
that instead of being received "with esmtp" or "with smtp" it is tagged "with
HTTP".  

The problem is that if the IP address in the IMP-added Received line is listed
in the Spamhaus PBL, then it triggers the RCVD_IN_PBL test.  Given that the
point of that test is to spot people going around their ISPs' MTAs to send
unauthenticated messages, this behavior seems to be a bug in the RCVD_IN_PBL
rule.

This problem probably goes back into the 3.2.x series but became critical with
3.3.0 when the default scores went from {0 0.509 0 0.905} to {0 3.558 0 3.335}.

Here are the message headers from an affected message:

--- Message Headers Begin ---
Return-Path: <[email protected]>
Received: from outgoing-1.umail.ucsb.edu (outgoing-1.umail.ucsb.edu
[128.111.151.61])
    by lifesci.lifesci.ucsb.edu (8.14.3/8.14.1) with ESMTP id o15NJLEl029472
    for <[email protected]>; Fri, 5 Feb 2010 15:19:21 -0800 (PST)
Received: from web-1.umail.ucsb.edu ([128.111.151.41] helo=localhost)
    by outgoing-1.umail.ucsb.edu with esmtp (Exim 4.63)
    (envelope-from <[email protected]>)
    id 1NdXSK-0001uA-ML
    for [email protected]; Fri, 05 Feb 2010 15:19:20 -0800
Received: from adsl-68-120-70-160.dsl.irvnca.pacbell.net
 (adsl-68-120-70-160.dsl.irvnca.pacbell.net [68.120.70.160]) by
 webaccess.umail.ucsb.edu (Horde Framework) with HTTP; Fri, 05 Feb 2010
 15:19:20 -0800
Message-ID: <[email protected]>
Date: Fri, 05 Feb 2010 15:19:20 -0800
From: "User #1" <[email protected]>
To: "User #2" <[email protected]>
Subject: OUR SUBJECT
MIME-Version: 1.0
Content-Type: text/plain;
 charset=ISO-8859-1;
 DelSp="Yes";
 format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.3.4)
X-Originating-IP: 68.120.70.160
X-Remote-Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2)
 Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2
(lifesci.lifesci.ucsb.edu [128.111.226.5]); Fri, 05 Feb 2010 15:19:21 -0800
(PST)
X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on lifesci
X-Spam-Flag: YES
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.9 required=5.0 tests=BAYES_50,HELO_NO_DOMAIN,
    RCVD_IN_PBL,RDNS_NONE autolearn=no version=3.3.0
X-Virus-Scanned: clamav-milter 0.95.1-exp at lifesci
X-Virus-Status: Clean

--- Message Headers End ---
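
The distinction the report draws can be expressed as a check on each hop's "with" clause. The following is an added example, not SpamAssassin's or IMP's code: it parses the Received chain and keeps hops that were not SMTP-family transfers out of the set of addresses looked up in the PBL. The function names and the protocol pattern are assumptions of this example; the sample headers are trimmed from the report above.

```python
import re
from email import message_from_string

# Received headers trimmed from the report above (envelope details dropped).
SAMPLE = """\
Received: from outgoing-1.umail.ucsb.edu (outgoing-1.umail.ucsb.edu [128.111.151.61])
    by lifesci.lifesci.ucsb.edu (8.14.3/8.14.1) with ESMTP id o15NJLEl029472;
    Fri, 5 Feb 2010 15:19:21 -0800 (PST)
Received: from web-1.umail.ucsb.edu ([128.111.151.41] helo=localhost)
    by outgoing-1.umail.ucsb.edu with esmtp (Exim 4.63) id 1NdXSK-0001uA-ML;
    Fri, 05 Feb 2010 15:19:20 -0800
Received: from adsl-68-120-70-160.dsl.irvnca.pacbell.net
 (adsl-68-120-70-160.dsl.irvnca.pacbell.net [68.120.70.160]) by
 webaccess.umail.ucsb.edu (Horde Framework) with HTTP; Fri, 05 Feb 2010
 15:19:20 -0800
Subject: OUR SUBJECT

body
"""

# Assumption: only SMTP/LMTP-family "with" values (RFC 3848 style) are mail transfers.
MAIL_PROTOCOLS = re.compile(r"^(E?SMTP|LMTP)S?A?$", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_WITH_RE = re.compile(r"\bby\s+(\S+).*?\bwith\s+([\w-]+)")

def parse_hops(raw):
    """Return one dict per Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        line = " ".join(value.split())  # unfold continuation lines
        ip = IP_RE.search(line)
        by_with = BY_WITH_RE.search(line)
        hops.append({
            "ip": ip.group(1) if ip else None,
            "by": by_with.group(1) if by_with else None,
            "with": by_with.group(2).upper() if by_with else None,
        })
    return hops

def split_for_pbl(hops):
    """Separate hops worth a PBL lookup from hops that were not mail transfers."""
    check, skip = [], []
    for hop in hops:
        if hop["ip"] is None:
            continue  # no bracketed address to look up
        is_mail = bool(hop["with"] and MAIL_PROTOCOLS.match(hop["with"]))
        (check if is_mail else skip).append(hop["ip"])
    return check, skip

if __name__ == "__main__":
    check, skip = split_for_pbl(parse_hops(SAMPLE))
    print("eligible for PBL lookup:", check)
    print("skipped (non-SMTP hop): ", skip)
```

The script performs no DNS queries; it only decides which addresses would be candidates for a lookup.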
