http://bugzilla.spamassassin.org/show_bug.cgi?id=3292
Summary: Improper use of and false positives regarding RCVD_IN_SORBS
Product: Spamassassin
Version: 2.63
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P3
Component: Rules
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
One of the SORBS lists contains IP ranges of "end users" that should not be
directly sending e-mail (their mail servers should) to foreign mail servers and
the RCVD_IN_SORBS appears to do a check against that list. This is all well and
good except it's checking every relay point in the header and any half decent
mail server is going to include a copy of the initial hop (from the end user to
the mail server) and this is leading to false positives. Example:
Return-Path: <[EMAIL PROTECTED]>
Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56])
        by smartertek.net (8.12.3+3.5Wbeta/8.12.3/Debian-6.6) with ESMTP id i3AMsoMR026360
        for <[EMAIL PROTECTED]>; Sat, 10 Apr 2004 18:54:50 -0400
Received: from Macbeth3 (pcp01543743pcs.abngtn01.va.comcast.net[68.62.243.186])
        by comcast.net (sccrmhc12) with SMTP
        id <2004041022544401200220cbe>; Sat, 10 Apr 2004 22:54:44 +0000
Message-ID: <[EMAIL PROTECTED]>
Resulted in a hit: RCVD_IN_SORBS
RBL: SORBS: sender is listed in SORBS
[68.62.243.186 listed in dnsbl.sorbs.net]
It's a very natural thing for that first hop from the sender to their mail
server to contain an IP address that belongs to a dial-up, dsl, cable, etc. or
other such end user range (they've got to send mail somehow, right?).
Spamassassin needs to stop examining that first hop when checking this rule.
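
Added example (not part of the original report and not SpamAssassin's code): a Python sketch contrasting a check of every Received hop against an end-user-range list with a check of only the address that connected to the receiving server. The sample message reuses the report's two Received headers with constructed placeholder addresses, the listed set stands in for a live DNS lookup, the function names are hypothetical, and the topmost Received header is assumed to be the one written by the receiving server.

```python
import re
from email import message_from_string

# Constructed sample: the report's Received headers, placeholder addresses.
RAW = """\
Return-Path: <sender@example.invalid>
Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56])
\tby smartertek.net (8.12.3+3.5Wbeta/8.12.3/Debian-6.6) with ESMTP id i3AMsoMR026360
\tfor <rcpt@example.invalid>; Sat, 10 Apr 2004 18:54:50 -0400
Received: from Macbeth3 (pcp01543743pcs.abngtn01.va.comcast.net[68.62.243.186])
\tby comcast.net (sccrmhc12) with SMTP
\tid <2004041022544401200220cbe>; Sat, 10 Apr 2004 22:54:44 +0000
Subject: constructed sample

body
"""

# Connecting-client address as the receiving MTA records it: [a.b.c.d]
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw):
    """Client IPs from Received headers, newest hop first (header order)."""
    msg = message_from_string(raw)  # unfolds nothing, but keeps each header whole
    ips = []
    for value in msg.get_all("Received", []):
        match = IP_IN_BRACKETS.search(value)
        if match:
            ips.append(match.group(1))
    return ips

def dnsbl_name(ip, zone="dnsbl.sorbs.net"):
    """DNSBL query name: octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def check(raw, end_user_ranges):
    """Compare the two policies; end_user_ranges simulates the list's answers."""
    ips = relay_ips(raw)
    return {
        # Behaviour described in the report: every hop is looked up.
        "all_hops": [ip for ip in ips if ip in end_user_ranges],
        # Only the host that handed the message to our server is looked up.
        "last_external_only": [ip for ip in ips[:1] if ip in end_user_ranges],
    }

if __name__ == "__main__":
    print(dnsbl_name("68.62.243.186"))
    print(check(RAW, {"68.62.243.186"}))
```

Headers below the topmost Received line are supplied by upstream systems and can be forged, which is a further reason to treat them differently from the hop the receiving server observed itself.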