I thought the received header looked funny, so I hand-typed one and got the
same result. Actually, if you look at the botnet messages (with either
header), the IP, RDNS and HELO have captured identically. I believe that
means the header was parsed correctly by SA.
The three lines in the debug log
[9060] dbg: Botnet: starting
[9060] dbg: Botnet: no trusted relays
[9060] dbg: Botnet: get_relay didn't find RDNS
[9060] dbg: Botnet: IP is '169.200.184.174'
[9060] dbg: Botnet: RDNS is 'sls-sn-smtp-pmail3.wachovia.com'
[9060] dbg: Botnet: HELO is 'sls-sn-smtp-pmail3.wachovia.com'
[9060] dbg:
Thanks for catching the missing paren. Fixing it didn't change the result,
unfortunately.
Received: from 169.200.184.174 (EHLO sls-sn-smtp-pmail3.wachovia.com)
(169.200.184.174)
by mail.visioncomm.net with ESMTP (SMTPD32-8.15) id A1253F3B0064;
Wed, 02 Jan 2008 03:53:57 -0500
I agree an
Dan Barker wrote:
[9060] dbg: metadata: X-Spam-Relays-Trusted:
There are no trusted relays.
[9060] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=169.200.184.174 rdns=
helo=sls-sn-smtp-pmail3.wachovia.com by=mail.visioncomm.net ident= envfrom=
intl=0 id=
A1253F3B0064 auth= msa=0 ] [
Matt:
I finally got the rule to fire by hacking the header. Nothing has changed on
the MTA for years, and it's hard for me to believe all these rules failed in
3.1.7. Maybe they did. My logs don't go back that far (I only save 2 weeks -
sacs be ignored hereg). Maybe the SA parser is doing
I had some old, 3.1.7 files saved for a VBounce question last summer. They
show:
Header:
Received: from vsmtp107.tin.it [212.216.176.208] by mail.visioncomm.net with ESMTP
(SMTPD32-8.15) id A08C12EF0080; Wed, 15 Aug 2007 15:14:20 -0400
...
Debug lines:
...
[2456] dbg: generic: SpamAssassin
I had some old, 3.1.7 files saved for a VBounce question last summer. They
show:
Header:
Received: from vsmtp107.tin.it [212.216.176.208] by mail.visioncomm.net with ESMTP
(SMTPD32-8.15) id A08C12EF0080; Wed, 15 Aug 2007 15:14:20 -0400
Debug lines:
...
[2456] dbg: received-header: parsed as
Eureka! Problem solved/hacked/understood/whatever.
a) My MTA is crap, and puts the HELO name and IP in the received header, but
no rDNS.
a1) This P.O.S. MTA has an option to Check rDNS. It will check for you,
and then return SUCCESS or FAILURE on the existence of a PTR or A record
(does not look
From: Loren Wilton [EMAIL PROTECTED]
Sent: Saturday, 2008, January 05 10:37
I had some old, 3.1.7 files saved for a VBounce question last summer. They
show:
Header:
Received: from vsmtp107.tin.it [212.216.176.208] by mail.visioncomm.net with ESMTP
(SMTPD32-8.15) id A08C12EF0080; Wed, 15
d) Most of you guys are going to say Get a decent MTA. Some of you might
Didn't you say you were using qmail? Or am I
misremembering/misinterpreting? If you are using qmail for MTA, I'm
reasonably sure I recall discussion of patches to qmail to make it Do The
Right Thing that are available