Hi,

I sent this one yesterday and no one answered... am I not posting enough info? 
or anything else?... this keeps happening... thanx for any clue.

I'm using SpamAssassin 2.63 within MailScanner 4.29.6 and just stumbled on 
a strange error...

I got the following mail header:

Received: from mta5.fibertel.com.ar ([24.232.0.159]:43916 "EHLO
        mail.fibertel.com.ar" whoson: "-unregistered-") by dedos.pert.com.ar
        with ESMTP id <S216278AbUC2V0q>; Mon, 29 Mar 2004 18:26:46 -0300
Received: from princecooke.com (200.114.130.11) by mail.fibertel.com.ar 
(7.0.019) (authenticated as comletter)
        id 40580C2200407B1D; Mon, 29 Mar 2004 18:01:04 -0300
Message-ID: <[EMAIL PROTECTED]>
X-EM-Version: 5, 0, 0, 21
X-EM-Registration: #01B0530810E603002D00
X-Priority: 3
Reply-To: [EMAIL PROTECTED]
To:     "comLetter 29-03-04" <[EMAIL PROTECTED]>
From:   "P&C - com.Letter" <[EMAIL PROTECTED]>
Subject: {Spam-Alerce 8} com.Letter 29-03-04
Date:   Tue, 30 Mar 2004 06:01:10 -0300
MIME-Version: 1.0
Content-type: multipart/report; boundary="======652==49201======"
X-PERT-MailScanner-Informacion: Contactarse con PERT para mas informacion
X-PERT-MailScanner: Se encontro limpio
X-PERT-MailScanner-SpamAssassin: spam, SpamAssassin-2.63 (puntaje=8.676,
        requerido 5, DATE_IN_FUTURE_12_24 1.95, HTML_50_60 0.18,
        HTML_COMMENT_SAVED_URL 0.82, HTML_FONTCOLOR_BLUE 0.10,
        HTML_FONTCOLOR_RED 0.10, HTML_FONTCOLOR_UNSAFE 0.10,
        HTML_FONT_BIG 0.10, HTML_MESSAGE 0.00, HTML_TAG_BALANCE_BODY 0.26,
        HTML_TAG_BALANCE_HTML 0.41, HTML_TAG_BALANCE_TABLE 0.20,
        LINES_OF_YELLING 0.01, MIME_BOUND_NEXTPART 0.16,
        MIME_MISSING_BOUNDARY 0.80, PRIORITY_NO_NAME 0.83,
        RCVD_IN_DYNABLOCK 2.55, RCVD_IN_SORBS 0.10)
X-PERT-MailScanner-SpamScore: ssssssss
X-MailScanner-From: [EMAIL PROTECTED]

Among the matched rules is RCVD_IN_DYNABLOCK which supposedly doesn't check 
the 'first hop':

header RCVD_IN_DYNABLOCK eval:check_rbl('sorbs-notfirsthop', 'dnsbl.sorbs.net.', '127.0.0.10')

Now, mta5.fibertel.com.ar ([24.232.0.159]) is a relay and is NOT in sorbs' 
dynablock:

# dnsqr a 159.0.232.24.dnsbl.sorbs.net                    
1 159.0.232.24.dnsbl.sorbs.net:
46 bytes, 1+0+0+0 records, response, authoritative, nxdomain
query: 1 159.0.232.24.dnsbl.sorbs.net

The original sender machine (which properly relayed thru 24.232.0.159) _is_ 
in sorbs dynablock (since it's a dynamic IP):

# dnsqr a 11.130.114.200.dnsbl.sorbs.net
1 11.130.114.200.dnsbl.sorbs.net:
64 bytes, 1+1+0+0 records, response, noerror
query: 1 11.130.114.200.dnsbl.sorbs.net
answer: 11.130.114.200.dnsbl.sorbs.net 169362 A 127.0.0.10

But, for some reason, SpamAssassin _did_ check it and use it in the 
score...

Is there something I'm misunderstanding? or is it a bug? or what?

TIA
--
Mariano Absatz
El Baby
----------------------------------------------------------
The use of COBOL cripples the mind; its teaching should,
therefore, be regarded as a criminal offense.
              -- E. W. Dijkstra
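
Added example, not part of the original post and not SpamAssassin's code: a simplified model of which hops a '-notfirsthop' DNSBL set queries, run over the two Received headers quoted above. It assumes the documented behaviour that the originating hop is skipped unless it is the only hop found; the two regex patterns are hypothetical, and the second call only illustrates what the model selects when the bracketed header format is not recognised, which the post does not establish as the cause.

```python
import re

# Constructed from the two Received headers quoted in the post (newest first).
RECEIVED = [
    'from mta5.fibertel.com.ar ([24.232.0.159]:43916 "EHLO mail.fibertel.com.ar" '
    'whoson: "-unregistered-") by dedos.pert.com.ar with ESMTP id <S216278AbUC2V0q>',
    'from princecooke.com (200.114.130.11) by mail.fibertel.com.ar (7.0.019) '
    '(authenticated as comletter) id 40580C2200407B1D',
]

# Two simplified, hypothetical patterns: bracketed and bare client IPs.
BRACKETED = re.compile(r'^from \S+ \(\[(\d+\.\d+\.\d+\.\d+)\]')
BARE = re.compile(r'^from \S+ \((\d+\.\d+\.\d+\.\d+)\)')


def relay_ips(headers, patterns):
    """Client IP of every header that at least one pattern recognises."""
    ips = []
    for header in headers:
        for pattern in patterns:
            match = pattern.match(header)
            if match:
                ips.append(match.group(1))
                break
    return ips


def notfirsthop(ips):
    """Drop the originating hop (last in newest-first order); keep a lone hop."""
    return ips[:-1] if len(ips) > 1 else list(ips)


def dnsbl_name(ip, zone='dnsbl.sorbs.net'):
    """Reverse the octets and append the zone, as in the dnsqr queries above."""
    return '.'.join(reversed(ip.split('.'))) + '.' + zone


def queries(headers, patterns):
    """DNSBL names the model would look up for these headers."""
    return [dnsbl_name(ip) for ip in notfirsthop(relay_ips(headers, patterns))]


if __name__ == '__main__':
    # Both header formats recognised: only the relay is queried.
    print(queries(RECEIVED, [BRACKETED, BARE]))
    # Bracketed format not recognised: the dynamic IP is the lone hop.
    print(queries(RECEIVED, [BARE]))
```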

