Re: FreeMail plugin updated

2010-09-02 Thread Mark Martinec
On Thursday September 2 2010 01:52:28 Runbox wrote:
 Would you please remove Runbox.com from that list as we have not been a
 free email provider since 2001.
 Kim

Thanks, removed!
Should propagate with the next sa-update.

  Mark


Adding custom surbl servers to local.cf

2010-09-02 Thread selven
Hi, i have set up an RBLDNSD server hopefully to do surbl for me, but i have
no clue how to make spamassassin query that, i don't have any clue how to
add that in local.cf .. if someone could point me to the right direction,
that'll be really appreciated.

thanks
-- 
$3|v3n


Re: Adding custom surbl servers to local.cf

2010-09-02 Thread Benny Pedersen

On tor 02 sep 2010 12:31:16 CEST, selven wrote


Hi, i have set up an RBLDNSD server hopefully to do surbl for me, but i have
no clue how to make spamassassin query that, i don't have any clue how to
add that in local.cf .. if someone could point me to the right direction,
that'll be really appreciated.


okay let me show how i do, there might be more how to out there :)

#/etc/bind/named.conf
zone "dnsbl-that-are-checked-in-spamassassin" IN {
    type forward;
    forward only;
    forwarders { 127.0.0.2; };
};


#/etc/conf.d/rbldns (gentoo)
OPTIONS="-q -f \
-r /var/db/rbldnsd \
-b 127.0.0.2 \
-u rbldns \
-p /var/run/rbldnsd.pid \
dnsbl-that-are-checked-in-spamassassin:set-type:file-to-read-locally"


i bind rbldnsd to 127.0.0.2 so i can still have named on 127.0.0.1

--
xpoint http://www.unicom.com/pw/reply-to-harmful.html



Re: Spamassassin not checking user provided RBLs

2010-09-02 Thread Benny Pedersen

On tor 02 sep 2010 09:08:30 CEST, Chris Datfung wrote

I ran sa-update. As you pointed out, there are a number of RBLs in the
standard configuration that for some reason aren't checked, thus I thought I
could easily fix that by adding them to local.cf and when that didn't work I
tried in init.pre. I do see other RBL generated scores in the message
headers, so it appears that some RBL checks are indeed performed.


try to debug it as below with

spamassassin 2>&1 -D -t msg | less

what are being tested at what fails ?


Do you see any obvious problems?


only that you posted too much on a maillist :)

well fun aside check the pre files that you load plugins right as you  
like it to be, and then check again for not installed plugins


eg if you have DKIM loaded in pre it does not work if the DKIM plugin
is not installed


--
xpoint http://www.unicom.com/pw/reply-to-harmful.html



Re: Spamassassin not checking user provided RBLs

2010-09-02 Thread Yet Another Ninja

On 2010-09-01 22:47, Chris Datfung wrote:

I'm running spamassassin version 3.3.1-1 from the Debian  package. I added
several RBLs to /etc/mail/spamassassin/init.pre but spamassassin only
queries its built in RBLs and not the ones I added. An example RBL entry to
init.pre is shown below:

header IN_NJABL_ORG  rbleval:check_rbl('njabl','dnsbl.njabl.org.')
describe IN_NJABL_ORG  Received via a relay in dnsbl.njabl.org
tflags IN_NJABL_ORG  net
score IN_NJABL_ORG  5

I also find messages that aren't tagged as being in an RBL that are listed
in cbl.abuseat.org and zen.spamhaus.org which should be automatically
checked by spamassassin using the default configuration. As mentioned before
other (built-in) RBL checks work. Any hints as to why my custom RBL checks
added to init.pre (and also tried local.cf) aren't queried after restarting
spamassassin?

Thanks,
 Chris


You don't EVER add rules to a .pre file

only .cf are rules files
use local.cf for custom rules


Re: Spamassassin not checking user provided RBLs

2010-09-02 Thread Matt Kettler

 On 9/2/2010 3:08 AM, Chris Datfung wrote:
On Thu, Sep 2, 2010 at 5:06 AM, Benny Pedersen m...@junc.org wrote:


On ons 01 sep 2010 22:47:36 CEST, Chris Datfung wrote


header IN_NJABL_ORG  rbleval:check_rbl('njabl','dnsbl.njabl.org.')
describe IN_NJABL_ORG  Received via a relay in dnsbl.njabl.org
tflags IN_NJABL_ORG  net
score IN_NJABL_ORG  5


first error is you added it to a pre file, next is that it is in
std rules being checked

did you or debian run sa-update ?


Hi Benny,

I ran sa-update. As you pointed out, there are a number of RBLs in the
standard configuration that for some reason aren't checked, thus I
thought I could easily fix that by adding them to local.cf
and when that didn't work I tried in init.pre. I do
see other RBL generated scores in the message headers, so it appears
that some RBL checks are indeed performed.



what gives spamassassin 2>&1 -D --lint | less



snip

Do you see any obvious problems?


Hmm, --lint isn't really the best option for a DNS problem. --lint 
implies local-only mode, which limits its usefulness for this particular 
kind of issue.


I can see you do have Net::DNS installed, which is good:

Sep  2 16:56:51.709 [986] dbg: dns: is Net::DNS::Resolver available? yes
Sep  2 16:56:51.709 [986] dbg: dns: Net::DNS version: 0.63


and I don't see any parse errors, which is also good..


Sep  2 16:56:53.771 [986] dbg: dns: is DNS available? 0
Sep  2 16:56:53.771 [986] dbg: rules: local tests only, ignoring RBL eval

But local-only mode is enforced, cutting our investigation short.

Can you try again using a message, such as the sample-spam.txt that 
comes with the SA tarball.


spamassassin < sample-spam.txt 2>&1 -D

In particular, we want to look at the dbg: dns: is DNS available? line 
and other DNS related ones nearby.






Thanks!
 Chris




Re: Adding custom surbl servers to local.cf

2010-09-02 Thread selven
i mean, how do i tell spamassassin to look query which server.

rbldnsd is already up and running

On Thu, Sep 2, 2010 at 2:49 PM, Benny Pedersen m...@junc.org wrote:

 On tor 02 sep 2010 12:31:16 CEST, selven wrote


  Hi, i have set up an RBLDNSD server hopefully to do surbl for me, but i
 have
 no clue how to make spamassassin query that, i don't have any clue how to
 add that in local.cf .. if someone could point me to the right direction,
 that'll be really appreciated.


 okay let me show how i do, there might be more how to outthere :)

 #/etc/bind/named.conf
 zone "dnsbl-that-are-checked-in-spamassassin" IN {
     type forward;
     forward only;
     forwarders { 127.0.0.2; };
 };


 #/etc/conf.d/rbldns (gentoo)
 OPTIONS="-q -f \
 -r /var/db/rbldnsd \
 -b 127.0.0.2 \
 -u rbldns \
 -p /var/run/rbldnsd.pid \
 dnsbl-that-are-checked-in-spamassassin:set-type:file-to-read-locally"
 

 i bind rbldnsd to 127.0.0.2 so i can still have named on 127.0.0.1

 --
 xpoint http://www.unicom.com/pw/reply-to-harmful.html




-- 
$3|v3n


Re: Adding custom surbl servers to local.cf

2010-09-02 Thread Matus UHLAR - fantomas
On 02.09.10 15:51, selven wrote:
 i mean, how do i tell spamassassin to look query which server.

you will not. SpamAssassin uses standard system libraries for querying DNS.
you must configure your resolving name server(s) to preferably forward
configured zone to your rbldnsd.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
M$ Win's are shit, do not use it !


Re: Adding custom surbl servers to local.cf

2010-09-02 Thread selven
ahh okie. thanks

On Thu, Sep 2, 2010 at 3:53 PM, Matus UHLAR - fantomas uh...@fantomas.sk wrote:

 On 02.09.10 15:51, selven wrote:
  i mean, how do i tell spamassassin to look query which server.

 you will not. SpamAssassin uses standard system libraries for querying DNS.
 you must configure your resolving name server(s) to preferably forward
 configured zone to your rbldnsd.

 --
 Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
 Warning: I wish NOT to receive e-mail advertising to this address.
 Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
 M$ Win's are shit, do not use it !




-- 
$3|v3n


Re: Spamassassin not checking user provided RBLs

2010-09-02 Thread Chris Datfung
On Thu, Sep 2, 2010 at 2:30 PM, Matt Kettler mkettler...@verizon.net wrote:


 Can you try again using a message, such as the sample-spam.txt that comes
 with the SA tarball.

 spamassassin < sample-spam.txt 2>&1 -D

 In particular, we want to look at the dbg: dns: is DNS available? line
 and other DNS related ones nearby.



Hi Matt,

I included (hopefully only) the relevant data from the above command below:

Sep  2 22:13:37.978 [11886] dbg: dns: is Net::DNS::Resolver available? yes
Sep  2 22:13:37.979 [11886] dbg: dns: Net::DNS version: 0.63
[...snip]
Sep  2 22:13:39.147 [11886] dbg: dns: is_dns_available() last checked 1283429619.1 seconds ago; re-checking
Sep  2 22:13:39.147 [11886] dbg: dns: is Net::DNS::Resolver available? yes
Sep  2 22:13:39.147 [11886] dbg: dns: Net::DNS version: 0.63
Sep  2 22:13:39.148 [11886] dbg: dns: name server: x.x.x.x, LocalAddr: 0.0.0.0
Sep  2 22:13:39.148 [11886] dbg: dns: resolver socket rx buffer size is 126976 bytes
Sep  2 22:13:39.148 [11886] dbg: dns: testing resolver nameservers: x.x.x.x
Sep  2 22:13:39.148 [11886] dbg: dns: trying (3) adelphia.net...
Sep  2 22:13:39.148 [11886] dbg: dns: looking up NS for 'adelphia.net'
Sep  2 22:13:39.149 [11886] dbg: dns: providing a callback for id: 53318/adelphia.net/NS/IN
Sep  2 22:13:42.151 [11886] dbg: dns: NS lookup of adelphia.net using x.x.x.x failed, no results found
Sep  2 22:13:42.151 [11886] dbg: dns: trying (2) colorado.edu...
Sep  2 22:13:42.151 [11886] dbg: dns: looking up NS for 'colorado.edu'
Sep  2 22:13:42.151 [11886] dbg: dns: providing a callback for id: 53742/colorado.edu/NS/IN
Sep  2 22:13:42.198 [11886] dbg: dns: NS lookup of colorado.edu using x.x.x.x succeeded => DNS available (set dns_available to override)
[...snip]
Sep  2 22:13:42.200 [11886] dbg: dns: is DNS available? 1
Sep  2 22:13:42.201 [11886] dbg: uridnsbl: domains to query:
Sep  2 22:13:42.201 [11886] dbg: dns: checking RBL bl.spamcop.net., set spamcop
Sep  2 22:13:42.202 [11886] dbg: dns: checking RBL combined.njabl.org., set njabl
Sep  2 22:13:42.202 [11886] dbg: dns: checking RBL bl.spamcop.net., set spamcop
Sep  2 22:13:42.202 [11886] dbg: dns: checking RBL dnsbl.njabl.org., set njabl
Sep  2 22:13:42.202 [11886] dbg: dns: checking RBL cbl.abuseat.org., set abuseat
Sep  2 22:13:42.203 [11886] dbg: dns: checking RBL b.barracudacentral.org., set barracuda
Sep  2 22:13:42.203 [11886] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
Sep  2 22:13:42.203 [11886] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal
Sep  2 22:13:42.203 [11886] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
Sep  2 22:13:42.203 [11886] dbg: dns: checking RBL bl.score.senderscore.com., set rnbl-lastexternal
Sep  2 22:13:42.203 [11886] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
Sep  2 22:13:42.203 [11886] dbg: dns: checking RBL psbl.surriel.com., set psbl-lastexternal

Thanks,
 Chris
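
The check Matt asks for, reading the "dns: is DNS available?" line and the DNS lines near it, can be scripted over saved debug output. The Python below is an added example, not part of any post in this thread; the function names are hypothetical, and the sample lines are excerpts of the two debug runs quoted in the thread, wrapped the way a mail client wraps them.

```python
import re

# Start of a SpamAssassin debug entry: "Sep  2 22:13:42.200 [11886] dbg: "
LINE_START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d\.\d+ \[\d+\] \w+: ")
DNS_AVAILABLE = re.compile(r"dns: is DNS available\? (\d)")
LOCAL_ONLY = re.compile(r"rules: local tests only, ignoring RBL eval")
PROBE_FAILED = re.compile(r"dns: NS lookup of (\S+) using \S+ failed")
RBL_CHECK = re.compile(r"dns: checking RBL (\S+?)\.?, set (\S+)")


def unwrap(text):
    """Rejoin mail-wrapped output: a line without a timestamp continues
    the previous entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[...snip"):
            continue
        if LINE_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def analyze(text, expected_zones=()):
    """Summarise the DNS state of one debug run and list expected RBL
    zones that were never queried."""
    report = {"dns_available": None, "local_only": False,
              "failed_probes": [], "zones": {}}
    for entry in unwrap(text):
        if m := DNS_AVAILABLE.search(entry):
            report["dns_available"] = m.group(1) == "1"
        if LOCAL_ONLY.search(entry):
            report["local_only"] = True
        if m := PROBE_FAILED.search(entry):
            report["failed_probes"].append(m.group(1))
        if m := RBL_CHECK.search(entry):
            report["zones"].setdefault(m.group(1), set()).add(m.group(2))
    wanted = (z.rstrip(".") for z in expected_zones)
    report["not_queried"] = sorted(z for z in wanted if z not in report["zones"])
    return report


# Excerpt of the --lint run quoted by Matt (local-only mode).
LINT_RUN = """\
Sep  2 16:56:53.771 [986] dbg: dns: is DNS available? 0
Sep  2 16:56:53.771 [986] dbg: rules: local tests only, ignoring RBL eval
"""

# Excerpt of the run against sample-spam.txt, still mail-wrapped.
NET_RUN = """\
Sep  2 22:13:42.151 [11886] dbg: dns: NS lookup of adelphia.net using
x.x.x.x failed, no results found
[...snip]
Sep  2 22:13:42.200 [11886] dbg: dns: is DNS available? 1
Sep  2 22:13:42.202 [11886] dbg: dns: checking RBL dnsbl.njabl.org., set
njabl
Sep  2 22:13:42.202 [11886] dbg: dns: checking RBL cbl.abuseat.org., set
abuseat
Sep  2 22:13:42.203 [11886] dbg: dns: checking RBL b.barracudacentral.org.,
set barracuda
Sep  2 22:13:42.203 [11886] dbg: dns: checking RBL zen.spamhaus.org., set
zen-lastexternal
"""

if __name__ == "__main__":
    # dnsbl.example.invalid. is a constructed zone that no rule queries.
    zones = ["cbl.abuseat.org.", "zen.spamhaus.org.", "dnsbl.example.invalid."]
    print(analyze(LINT_RUN, zones))
    print(analyze(NET_RUN, zones))
```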


Re: Adding custom surbl servers to local.cf

2010-09-02 Thread Benny Pedersen

On tor 02 sep 2010 13:51:02 CEST, selven wrote


i mean, how do i tell spamassassin to look query which server.

rbldnsd is already up and running


i only forget to tell that you also need nameserver 127.0.0.1 in  
/etc/resolv.conf only that nameserver no more no less :-)


did you bind rbldnsd to 127.0.0.2 like me ?

the magic is that you need it



On Thu, Sep 2, 2010 at 2:49 PM, Benny Pedersen m...@junc.org wrote:


On tor 02 sep 2010 12:31:16 CEST, selven wrote


 Hi, i have set up an RBLDNSD server hopefully to do surbl for me, but i

have
no clue how to make spamassassin query that, i don't have any clue how to
add that in local.cf .. if someone could point me to the right direction,
that'll be really appreciated.



okay let me show how i do, there might be more how to outthere :)

#/etc/bind/named.conf
zone "dnsbl-that-are-checked-in-spamassassin" IN {
    type forward;
    forward only;
    forwarders { 127.0.0.2; };
};


#/etc/conf.d/rbldns (gentoo)
OPTIONS="-q -f \
-r /var/db/rbldnsd \
-b 127.0.0.2 \
-u rbldns \
-p /var/run/rbldnsd.pid \
dnsbl-that-are-checked-in-spamassassin:set-type:file-to-read-locally"


i bind rbldnsd to 127.0.0.2 so i can still have named on 127.0.0.1

--
xpoint http://www.unicom.com/pw/reply-to-harmful.html





--
$3|v3n





--
xpoint http://www.unicom.com/pw/reply-to-harmful.html



Re: Adding custom surbl servers to local.cf

2010-09-02 Thread Jeff Chan
On Thursday, September 2, 2010, 4:51:02 AM, selven selven wrote:
 i mean, how do i tell spamassassin to look query which server.

As Benny said you serve the zone with a local domain then query
that local domain.  Instructions are at:

http://www.surbl.org/public-dns.html

Post a copy of your rbldnsd and BIND configs for the zone and
spamassassin rule, and we will check them.

Jeff C.
-- 
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/



Re: Delivery Status Notification (Failure)

2010-09-02 Thread Bowie Bailey
 On 9/1/2010 5:57 PM, Emin Akbulut wrote:

 There is no second MTA/SMTP server. Imagine 3 machines 
 in my environment: 1. Mail client, 2: Mail server 3: SA server.
 Test message is OUTGOING message, I'm authenticated user.
 The only HELO command sender is my mail client and it's not
 a relay server, huh?

 Original test message headers:

 Received: from ea2 ([78.186.240.194]) by izsmmmo.com with MailEnable ESMTP;
 Wed, 1 Sep 2010 15:30:15 +0300
 Message-ID: e9bfbdbd61f044c288b222e857ff6...@ea2
 From: emin.akbu...@izsmmmo.com
 To: eminakbu...@gmail.com
 Subject: HELO_NO_DOMAIN test
 Date: Wed, 1 Sep 2010 15:23:20 +0300
 MIME-Version: 1.0
 Content-Type: multipart/alternative;
 boundary==_NextPart_000_0003_01CB49E9.9C0B6070
 X-Priority: 3
 X-MSMail-Priority: Normal
 Importance: Normal
 X-Mailer: Microsoft Windows Live Mail 14.0.8117.416
 X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8117.416

 Bu, MIME biçiminde çok taraflı bir iletidir.

 --=_NextPart_000_0003_01CB49E9.9C0B6070
 Content-Type: text/plain;
 charset=iso-8859-9
 Content-Transfer-Encoding: quoted-printable

   
 XJS*C4JDBQADN1.NSBN3*2IDNEN*@@@GTUBE@@@-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
  
 --=_NextPart_000_0003_01CB49E9.9C0B6070
 Content-Type: text/html;
 charset=iso-8859-9
 Content-Transfer-Encoding: quoted-printable


1) I lost track of your question.

2) Those headers do not look like the message passed through SA.  If you
are questioning what SA is doing, we need to see the headers AFTER SA
has processed the message so we can see what it did.

-- 
Bowie


Re: Delivery Status Notification (Failure)

2010-09-02 Thread John Hardin

On Thu, 2 Sep 2010, Emin Akbulut wrote:


Good. My test mail headers rejected here:  : P


It's best to post sample messages to a site like pastebin, and then just 
post the URL for that here. A sample sent to the mailing list will, as 
you've seen, be subject to scanning and rejection, as well as subject to 
modification by any host it passes through, making it more difficult to 
trust as the basis for analysis.



*I try again:*

There is no second MTA/SMTP server. Imagine 3 machines
in my environment: 1. Mail client, 2: Mail server 3: SA server.
Test message is OUTGOING message, I'm authenticated user.


That's the second possible scenario I was wondering about, but I did not 
want to complicate my original question too much.


You are scanning outbound email. That detail may not have been clear in 
the original posts.


Someone else with experience scanning outbound mail may have more 
suggestions to offer, as I do not scan outbound mail and don't have 
experience with all of the gotchas.



The only HELO command sender is my mail client and it's not
a relay server, huh?


No, but from the point of view of the SMTP exchange there isn't any 
explicit distinction between an originator of a message and an 
intermediate relay.


A quick note before all my commentary: setting your mail client(s) to use 
a fully-qualified domain name as the HELO string would fix the problem. 
Doing this in Outlook might require changing the network name of your 
computer. I don't use Outlook so I can't offer exact instructions.


On to the commentary...

Is the IP address below modified by you in any way to protect privacy? If 
not, then that's a public Internet IP address. Not seeing a reserved 
network there makes me assume your mail client is not on a private subnet 
on the private side of your MTA. Some of my comments will be based on that 
assumption, I apologize if I am in error.


From the headers it appears that you are not using authenticated SMTP. You
should be. That would greatly help SA figure things out when the mail 
clients you're serving are on the public Internet.


Since you are not using authenticated SMTP, you are not an authenticated 
user as you claimed to be above. What exactly makes you an authenticated 
user?


To check my assumption: is your mail client actually on a private subnet 
under your control, or is it directly connected to the Internet somewhere 
else and getting an IP address you cannot control or predict?


If the clients are on a private subnet under your control, you can tell SA 
that their subnet is internal, you can tell your MTA to not pass 
outbound messages to SA (based on the IP address), or you write an 
offsetting rule that matches locally-originated email (based on the IP 
address in a Received: header) and adds some negative points to the score.


(Side question: if your mail clients _are_ on a privately-controlled 
subnetwork, why didn't you use one of the network address spaces reserved 
for that purpose?)



Original test message headers:

Received: from ea2 ([78.186.240.194]) by izsmmmo.com with MailEnable ESMTP;
Wed, 1 Sep 2010 15:30:15 +0300
Message-ID: e9bfbdbd61f044c288b222e857ff6...@ea2
From: emin.akbu...@izsmmmo.com
To: eminakbu...@gmail.com
Subject: HELO_NO_DOMAIN test
Date: Wed, 1 Sep 2010 15:23:20 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary==_NextPart_000_0003_01CB49E9.9C0B6070
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 14.0.8117.416
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8117.416

Bu, MIME biçiminde çok taraflı bir iletidir.

--=_NextPart_000_0003_01CB49E9.9C0B6070
Content-Type: text/plain;
charset=iso-8859-9
Content-Transfer-Encoding: quoted-printable

 XJS*C4JDBQADN1.NSBN3*2IDNEN*@@@GTUBE@
@@-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
--=_NextPart_000_0003_01CB49E9.9C0B6070
Content-Type: text/html;
charset=iso-8859-9
Content-Transfer-Encoding: quoted-printable



--
 John Hardin KA7OHZ  http://www.impsec.org/~jhardin/
 jhar...@impsec.org  FALaholic #11174  pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Therapeutic Phrenologist - send email for affordable rate schedule.
---
 15 days until the 223rd anniversary of the signing of the U.S. Constitution

Re: Delivery Status Notification (Failure)

2010-09-02 Thread Karsten Bräckelmann
On Thu, 2010-09-02 at 00:57 +0300, Emin Akbulut wrote:
 Good. My test mail headers rejected here:  : P

Ugh, yeah -- do not send spam this way. GTUBE by its very definition is
meant to be caught by SA.

Replying to the DSN probably wasn't the best of choices either. What's
that subject got to do with your question?


 I try again:
 
 There is no second MTA/SMTP server. Imagine 3 machines 
 in my environment: 1. Mail client, 2: Mail server 3: SA server.

So your MUA on the client machine sends the message to your MailEnable
SMTP server. Which is, what the single Received header shows.

Kind of repeating myself here, but... HOW does SA running on the third
machine get the message? The headers you showed us aren't necessarily
the ones SA ultimately gets to see.


-- 
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Escape characters passing spam through

2010-09-02 Thread mdunlap
I've had problems sa-learning some particular emails that have some 
ASCII escape characters, I've been getting this email that passes right 
through the filter Subject: (¯`·._..babes_in_blue^(TM).._.·´¯)
sa-learn won't recognize it as a message scanned, I'm pretty sure these 
characters (¯`·._.. are escaping it somehow. Any ideas?



Re: Delivery Status Notification (Failure)

2010-09-02 Thread Emin Akbulut
2010/9/2 Karsten Bräckelmann guent...@rudersport.de


 Kind of repeating myself here, but... HOW does SA running on the third
 machine get the message? The headers you showed us aren't necessarily
 the ones SA ultimately gets to see.


Oh god, it's not mystery, my mail server got two IP, an internal
and a real IP. SA has only internal IP. That's it. So my hop count
from mail client to server, server to SA, always 1.

I'm authenticated, there is no doubt. Let me explain why I did ask
that question; what is HELO_NO_DOMAIN? because SA scores
our users and they are not spammers, they are ordinary authenticated
message senders, just like me. HELO_NO_DOMAIN and
FSL_HELO_NON_FQDN_1 and a few others make innocent
messages nearly spam. A non-spam message scored ~4
points at first. If user types ALL CAPS SUBJECT vs.
then his message becomes a spam. I cannot tell to
everybody; hey do not use caps in subject. So
I have to fix  HELO_NO_DOMAIN problem.

I'm asking in another way another point of view:

*HELO_NO_DOMAIN Relay reports its domain incorrectly*


So what/who is relay here and what reports incorrect?


Re: Delivery Status Notification (Failure)

2010-09-02 Thread John Hardin

On Fri, 3 Sep 2010, Emin Akbulut wrote:


2010/9/2 Karsten Bräckelmann guent...@rudersport.de

Kind of repeating myself here, but... HOW does SA running on the third 
machine get the message? The headers you showed us aren't necessarily 
the ones SA ultimately gets to see.


Oh god, it's not mystery, my mail server got two IP, an internal
and a real IP. SA has only internal IP. That's it. So my hop count
from mail client to server, server to SA, always 1.

I'm authenticated, there is no doubt.


Using just the mail headers that you provided as an example, show us how 
we are to know the sender is authenticated. Proof by vigorous assertion is 
not proof.



Let me explain why I did ask that question; what is HELO_NO_DOMAIN?


The HELO does not contain a domain part. From your example:


Received: from ea2 ([78.186.240.194]) by izsmmmo.com with MailEnable ESMTP;


ea2 is not a fully qualified host name. There is no domain part.

because SA scores our users and they are not spammers, they are ordinary 
authenticated message senders, just like me. HELO_NO_DOMAIN and 
FSL_HELO_NON_FQDN_1 and a few others make innocent messages nearly spam.


That is because you are scanning outbound mail while making no provision 
for the way a MUA will submit messages. If you configured all of your mail 
clients to use a fully-qualified host name instead of just a machine name, 
these problems would go away.



So I have to fix HELO_NO_DOMAIN problem.


I told you how to do that.

(1) fix your mail clients to use fully-qualified host names rather than 
just machine names,


or

(2) stop scanning outbound mail,

or

(3) write a rule that recognizes locally-originated messages and subtracts 
(say) five points from the score.



I'm asking in another way another point of view:

*HELO_NO_DOMAIN Relay reports its domain incorrectly*

So what/who is relay here and what reports incorrect?


"Relay" is the system that submitted the message. For the purposes of
the HELO string it does not matter whether that is a MTA or a MUA.
"Incorrect" is it did not use a FQDN.


There is no problem with the rule.

--
 John Hardin KA7OHZ  http://www.impsec.org/~jhardin/
 jhar...@impsec.org  FALaholic #11174  pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Vista is at best mildly annoying and at worst makes you want to
  rush to Redmond, Wash. and rip somebody's liver out.  -- Forbes
---
 15 days until the 223rd anniversary of the signing of the U.S. Constitution
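
The two facts this thread reads off the Received header, a HELO string with no domain part and a client address outside the reserved private ranges, can be checked mechanically. The Python below is an added example, not code from any poster and not SpamAssassin's own rule logic; the function names are hypothetical and the second header is constructed for contrast.

```python
import ipaddress
import re

# "from HELO ([ip])" as written by the MTA in this thread, plus the common
# "from HELO (rdns [ip])" form; other Received layouts are not handled.
RECEIVED = re.compile(
    r"\bfrom\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)", re.IGNORECASE)
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def helo_has_domain(helo):
    """True if the HELO string looks like a fully-qualified host name."""
    if helo.startswith("["):            # address literal, e.g. [192.0.2.1]
        return False
    try:
        ipaddress.ip_address(helo)      # bare IP address, not a host name
        return False
    except ValueError:
        pass
    labels = helo.rstrip(".").split(".")
    return (len(labels) >= 2 and not labels[-1].isdigit()
            and all(LABEL.match(label) for label in labels))


def check_received(header):
    """Return the HELO facts for one Received header, or None if unparsed."""
    unfolded = " ".join(header.split())  # undo header folding
    m = RECEIVED.search(unfolded)
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    return {
        "helo": m.group("helo"),
        "ip": str(ip),
        "helo_has_domain": helo_has_domain(m.group("helo")),
        # Reserved private space: a subnet you could declare internal to SA.
        "client_private": ip.is_private,
    }


# Header from the thread, folded as mailed.
THREAD_HEADER = ("Received: from ea2 ([78.186.240.194]) by izsmmmo.com with "
                 "MailEnable ESMTP;\n Wed, 1 Sep 2010 15:30:15 +0300")
# Constructed header: client on a private subnet announcing a FQDN.
CONSTRUCTED_HEADER = ("Received: from pc7.example.com (pc7.example.com "
                      "[192.168.1.20]) by mail.example.com with ESMTP;\n"
                      " Wed, 1 Sep 2010 15:30:15 +0300")

if __name__ == "__main__":
    for h in (THREAD_HEADER, CONSTRUCTED_HEADER):
        print(check_received(h))
```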