[Bug 3410] New: DNS_FROM_RFCI_DSN is not used correctly

19 May 2004 12:35:36 -0000 

http://bugzilla.spamassassin.org/show_bug.cgi?id=3410

           Summary: DNS_FROM_RFCI_DSN is not used correctly
           Product: Spamassassin
           Version: unspecified
          Platform: Other
               URL: http://www.rfc-ignorant.org
        OS/Version: other
            Status: NEW
          Severity: major
          Priority: P5
         Component: Rules
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


I believe you are using tests against rfc-ignorant.org incorrectly.

The DNS_FROM_RFCI_DSN test is comparing the domain name found in the From:
header against the DSN RBL from rfc-ignorant.org. However, that RBL should only
be used for the actual sender's domain (sender passed via MAIL FROM), not the
From: or Reply-to: headers. 

It is possible your other RFCI tests are not performed correctly also, but I can
only speak directly of the test above.

Here is a recent exchange with the head guy at RFCI, Derek Balling:

---

I said:

> But let me understand ... SpamAssassin is using RFCI incorrectly,
> is that right? They are checking from: headers against your list
> when they should only be checking connecting IP addresses and domains
> used in the MAIL FROM: or return path, right? If that is correct I
> will file a bug report with them.

Derek said:

Different zones are intended to be used in different ways. If SA is using them
counter to their design, then yes, this is a bug-report that should be filed
with the SA devel team.

DSN should only be used against the RHS of the SMTP envelope-from BogusMX should
only be against the RHS of the SMTP envelope-from

Whois can be used against either the RHS of the envelope-from or the connecting
hostname Postmaster can be used against either the RHS of the envelope-from or 
the connecting hostname Abuse can be used against either the RHS of the
envelope-from or the connecting hostname

I know the SA team started using them recently, and when they approached us for
information, I specifically warned them to be careful (since they're using
lookups against an amalgam-zone) to pay attention to which result-code (A RR)
they got back in the query.

Hope that clears it up.

Derek
(RFCI Head Guy)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Reply via email to