Re: Question about how Postfix sends the EHLO/HELO
Noel Jones wrote:
> [snip]
> Looking at the headers of the message you sent to the list:
>
> Received: from neskowin.linfield.edu (neskowin.linfield.edu [192.147.171.21])
>     by russian-caravan.cloud9.net (Postfix) with SMTP id 55D0AFD9F3
>     for postfix-users@postfix.org; Wed, 4 Mar 2009 14:33:37 -0500 (EST)
> Received: from neskowin.linfield.edu (localhost.localdomain [127.0.0.1])
>     by linfield.edu (Postfix) with SMTP id 596B158120
>     for postfix-users@postfix.org; Wed, 4 Mar 2009 11:33:36 -0800 (PST)
> Received: from exchangedb.wfo.linfield.edu (exchangedb.wfo.linfield.edu [10.170.131.27])
>     by neskowin.linfield.edu (Postfix) with ESMTP id 410365811C
>     for postfix-users@postfix.org; Wed, 4 Mar 2009 11:33:36 -0800 (PST)
> Received: from 10.219.255.241 ([10.219.255.241])
>     by exchangedb.wfo.linfield.edu ([10.170.131.27])
>     via Exchange Front-End Server exchange.linfield.edu ([10.170.131.28])
>     with Microsoft Exchange Server HTTP-DAV ; Wed, 4 Mar 2009 19:33:36 +
>
> the only numeric HELO I see is from the originating client.

but if that's the explanation, then it's a bug, because that one was submitted with HTTP-DAV, so there's no HELO at all.

> IMHO SpamAssassin should not be applying this test to all headers, only the topmost trusted header.

hmm. I am more interested with detecting borked hops before the last one (which would be rejected by postfix). I don't remember if I asked this here or on SA list (I think it was on SA list), but which (not outdated) clients still helo with a naked IP? time to nake'em, no?

> Next wild guess is that the recipient server has misconfigured SA.

most probably, it's in stock SA. there was some recent discussion about this. I think the helo checks in SA need a review...

> You can fix this with a header_checks rule to either REWRITE the offending header to X-Received:... or just IGNORE (remove) it.
>
> --
> Noel Jones
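Added example (not SpamAssassin's rule code and not written by anyone in this thread): a simplified numeric-HELO check run over the four Received: headers quoted above, showing which hop trips it and how the two restrictions discussed (SMTP hops only, topmost trusted header only) change the result. The function names and the smtp_only/trusted_only switches are assumptions made for this illustration.

```python
import ipaddress
import re

# The Received: headers quoted in the thread, newest first,
# trimmed to the fields this check reads.
RECEIVED = [
    "from neskowin.linfield.edu (neskowin.linfield.edu [192.147.171.21]) "
    "by russian-caravan.cloud9.net (Postfix) with SMTP id 55D0AFD9F3",
    "from neskowin.linfield.edu (localhost.localdomain [127.0.0.1]) "
    "by linfield.edu (Postfix) with SMTP id 596B158120",
    "from exchangedb.wfo.linfield.edu (exchangedb.wfo.linfield.edu [10.170.131.27]) "
    "by neskowin.linfield.edu (Postfix) with ESMTP id 410365811C",
    "from 10.219.255.241 ([10.219.255.241]) by exchangedb.wfo.linfield.edu "
    "([10.170.131.27]) via Exchange Front-End Server exchange.linfield.edu "
    "([10.170.131.28]) with Microsoft Exchange Server HTTP-DAV",
]

HOP = re.compile(
    r"^from\s+(?P<helo>\S+).*?\swith\s+(?P<proto>.+?)(?:\s+id\s|\s*;|$)", re.S)

def parse_hop(value):
    """Return (from_token, protocol) for one Received: header value."""
    m = HOP.match(value.strip())
    return (m.group("helo"), m.group("proto").strip()) if m else (None, None)

def is_numeric(token):
    """True if the token is a bare or bracketed IP address."""
    try:
        ipaddress.ip_address(token.strip("[]"))
        return True
    except ValueError:
        return False

def numeric_helo_hops(headers, smtp_only=False, trusted_only=False):
    """Indexes of hops whose 'from' token is an IP address.
    smtp_only skips hops not received over SMTP/ESMTP (no HELO was sent);
    trusted_only inspects just the topmost header, written by our own MTA."""
    hits = []
    for i, value in enumerate(headers[:1] if trusted_only else headers):
        helo, proto = parse_hop(value)
        if helo is None or not is_numeric(helo):
            continue
        if smtp_only and not re.match(r"(?i)^E?SMTP", proto):
            continue
        hits.append(i)
    return hits
```

Checking every hop flags only index 3, the Exchange HTTP-DAV submission; with either restriction enabled nothing is flagged.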
Question about how Postfix sends the EHLO/HELO
Hi,

We are having problems sending email to a particular site on the internet that uses SpamAssassin to filter for spam. They send me back the headers on a particular message and here is the spam portion:

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.0 (2007-05-01) on microthunder.com
X-Spam-Level:
X-Spam-Status: Yes, score=4.4 required=4.0 tests=HTML_MESSAGE,
    MIME_QP_LONG_LINE,RCVD_NUMERIC_HELO autolearn=no version=3.2.0
X-Spam-Report:
    * 2.6 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
    * 0.0 HTML_MESSAGE BODY: HTML included in message
    * 1.8 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars

What I don't get is the first test in the X-Spam-Report header which received a 2.6. Does postfix strictly send the IP address on the HELO/EHLO? If so, what parameter do I need to set to $myhostname? Or, am I entirely misunderstanding what that test tests for?

Thanks.

--
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville Oregon
503-883-2558
Re: Question about how Postfix sends the EHLO/HELO
On 4-Mar-2009, at 12:33, Rob Tanner wrote:
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 3.2.0 (2007-05-01) on microthunder.com

They really *really* need to update their two-year old SA install.

> X-Spam-Level:
> X-Spam-Status: Yes, score=4.4 required=4.0

They really *REALLY* need to understand the consequences of lowering the threshold, as this is nearly always a very very bad idea. SA does not think your message is spamish, their mailadmin does.

> RCVD_NUMERIC_HELO

Well, that one is possibly your fault, and you should certainly fix it if it is.

> What I don't get is the first test in the X-Spam-Report header which received a 2.6. Does postfix strictly send the IP address on the HELO/EHLO?

Only if it has no choice.

> If so, what parameter do I need to set to $myhostname? Or, am I entirely misunderstanding what that test tests for?

# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld

However, your headers to the list look perfectly fine. My suspicion, irrational without the full headers you sent them and the full message they sent back, is that they screwed something up on their end with the RCVD_NUMERIC_HELO test and that some eager-beaver sysadmin changed something they didn't understand to get better results.

I base this on the evidence that some eager-beaver sysadmin lowered the threshold to 4.0 without understanding the consequences to get better results.

Feel free to forward my comments along to David Sosnowski @ microthunder@gmail.com

--
What the hell's goin' on in the engine room? Were there monkeys? Some terrifying space monkeys maybe got loose?
Re: Question about how Postfix sends the EHLO/HELO
Thanks for your feedback. I do have $myhostname defined and you've confirmed what I thought. It's their issue and they need to fix it.

Again, thanks.

-- Rob

On 3/4/09 12:19 PM, LuKreme krem...@kreme.com wrote:

> On 4-Mar-2009, at 12:33, Rob Tanner wrote:
>> X-Spam-Flag: YES
>> X-Spam-Checker-Version: SpamAssassin 3.2.0 (2007-05-01) on microthunder.com
>
> They really *really* need to update their two-year old SA install.
>
>> X-Spam-Level:
>> X-Spam-Status: Yes, score=4.4 required=4.0
>
> They really *REALLY* need to understand the consequences of lowering the threshold, as this is nearly always a very very bad idea. SA does not think your message is spamish, their mailadmin does.
>
>> RCVD_NUMERIC_HELO
>
> Well, that one is possibly your fault, and you should certainly fix it if it is.
>
>> What I don't get is the first test in the X-Spam-Report header which received a 2.6. Does postfix strictly send the IP address on the HELO/EHLO?
>
> Only if it has no choice.
>
>> If so, what parameter do I need to set to $myhostname? Or, am I entirely misunderstanding what that test tests for?
>
> # INTERNET HOST AND DOMAIN NAMES
> #
> # The myhostname parameter specifies the internet hostname of this
> # mail system. The default is to use the fully-qualified domain name
> # from gethostname(). $myhostname is used as a default value for many
> # other configuration parameters.
> #
> #myhostname = host.domain.tld
> #myhostname = virtual.domain.tld
>
> However, your headers to the list look perfectly fine. My suspicion, irrational without the full headers you sent them and the full message they sent back, is that they screwed something up on their end with the RCVD_NUMERIC_HELO test and that some eager-beaver sysadmin changed something they didn't understand to get better results.
>
> I base this on the evidence that some eager-beaver sysadmin lowered the threshold to 4.0 without understanding the consequences to get better results.
>
> Feel free to forward my comments along to David Sosnowski @ microthunder@gmail.com