Mariano Absatz writes:
> Hi,
>
> I sent this one yesterday and no one answered... am I not posting enough info?
> or anything else?... this keeps happening... thanx for any clue.
>
> I'm using SpamAssassin 2.63 within MailScanner 4.29.6 and just stumbled on
> a strange error...
>
> I got the following mail header:
>
> Received: from mta5.fibertel.com.ar ([24.232.0.159]:43916 "EHLO
> mail.fibertel.com.ar" whoson: "-unregistered-") by dedos.pert.com.ar
> with ESMTP id <S216278AbUC2V0q>; Mon, 29 Mar 2004 18:26:46 -0300

Ick! We don't have support for this Received-header format in our code,
that's the problem. Could you open a bug with this?

Also, any idea what MTA is adding data in that format? (and what "whoson"
means?)

--j.

> Received: from princecooke.com (200.114.130.11) by mail.fibertel.com.ar
> (7.0.019) (authenticated as comletter)
> id 40580C2200407B1D; Mon, 29 Mar 2004 18:01:04 -0300
> Message-ID: <[EMAIL PROTECTED]>
> X-EM-Version: 5, 0, 0, 21
> X-EM-Registration: #01B0530810E603002D00
> X-Priority: 3
> Reply-To: [EMAIL PROTECTED]
> To: "comLetter 29-03-04" <[EMAIL PROTECTED]>
> From: "P&C - com.Letter" <[EMAIL PROTECTED]>
> Subject: {Spam-Alerce 8} com.Letter 29-03-04
> Date: Tue, 30 Mar 2004 06:01:10 -0300
> MIME-Version: 1.0
> Content-type: multipart/report; boundary="======652==49201======"
> X-PERT-MailScanner-Informacion: Contactarse con PERT para mas informacion
> X-PERT-MailScanner: Se encontro limpio
> X-PERT-MailScanner-SpamAssassin: spam, SpamAssassin-2.63 (puntaje=8.676,
> requerido 5, DATE_IN_FUTURE_12_24 1.95, HTML_50_60 0.18,
> HTML_COMMENT_SAVED_URL 0.82, HTML_FONTCOLOR_BLUE 0.10,
> HTML_FONTCOLOR_RED 0.10, HTML_FONTCOLOR_UNSAFE 0.10,
> HTML_FONT_BIG 0.10, HTML_MESSAGE 0.00, HTML_TAG_BALANCE_BODY 0.26,
> HTML_TAG_BALANCE_HTML 0.41, HTML_TAG_BALANCE_TABLE 0.20,
> LINES_OF_YELLING 0.01, MIME_BOUND_NEXTPART 0.16,
> MIME_MISSING_BOUNDARY 0.80, PRIORITY_NO_NAME 0.83,
> RCVD_IN_DYNABLOCK 2.55, RCVD_IN_SORBS 0.10)
> X-PERT-MailScanner-SpamScore: ssssssss
> X-MailScanner-From: [EMAIL PROTECTED]
>
> Among the matched rules is RCVD_IN_DYNABLOCK which supposedly doesn't check
> the 'first hop':
>
> header RCVD_IN_DYNABLOCK eval:check_rbl('sorbs-notfirsthop',
> 'dnsbl.sorbs.net.', '127.0.0.10')
>
> Now, mta5.fibertel.com.ar ([24.232.0.159]) is a relay and is NOT in sorbs'
> dynablock:
>
> # dnsqr a 159.0.232.24.dnsbl.sorbs.net
> 1 159.0.232.24.dnsbl.sorbs.net:
> 46 bytes, 1+0+0+0 records, response, authoritative, nxdomain
> query: 1 159.0.232.24.dnsbl.sorbs.net
>
> The original sender machine (which properly relayed thru 24.232.0.159) _is_
> in sorbs dynablock (since it's a dynamic IP):
>
> # dnsqr a 11.130.114.200.dnsbl.sorbs.net
> 1 11.130.114.200.dnsbl.sorbs.net:
> 64 bytes, 1+1+0+0 records, response, noerror
> query: 1 11.130.114.200.dnsbl.sorbs.net
> answer: 11.130.114.200.dnsbl.sorbs.net 169362 A 127.0.0.10
>
> But, for some reason, SpamAssassin _did_ check it and use it in the
> score...
>
> Is there something I'm misunderstanding? or is it a bug? or what?
>
> TIA
> --
> Mariano Absatz
> El Baby
> ----------------------------------------------------------
> The use of COBOL cripples the mind; its teaching should,
> therefore, be regarded as a criminal offense.
> -- E. W. Dijkstra
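
An added illustration, not part of the thread and not SpamAssassin's code: it shows how a Received header the parser does not recognise can leave the dial-up sender as the only known relay, so a "not first hop" DNSBL lookup queries it anyway. The STRICT and TOLERANT patterns and the skip rule in `notfirsthop_targets` are assumptions made for this sketch; the headers are the two from the post, unfolded.

```python
import re

# Headers from the post above, unfolded onto single lines, newest hop first.
HEADERS = [
    'from mta5.fibertel.com.ar ([24.232.0.159]:43916 "EHLO mail.fibertel.com.ar" '
    'whoson: "-unregistered-") by dedos.pert.com.ar with ESMTP id <S216278AbUC2V0q>; '
    'Mon, 29 Mar 2004 18:26:46 -0300',
    'from princecooke.com (200.114.130.11) by mail.fibertel.com.ar (7.0.019) '
    '(authenticated as comletter) id 40580C2200407B1D; Mon, 29 Mar 2004 18:01:04 -0300',
]

IP = r'(\d{1,3}(?:\.\d{1,3}){3})'
# Hypothetical "known formats" parser: the address must fill the parentheses.
STRICT = re.compile(r'^from \S+ \(\[?' + IP + r'\]?\) by ')
# Also accepts the ':port "EHLO ..." whoson: ...' tail seen in the first header.
TOLERANT = re.compile(r'^from \S+ \(\[?' + IP + r'\]?(?::\d+)?(?:\s[^)]*)?\) by ')

def relay_ips(headers, pattern):
    """Return (ips, unparsed): relay IPs newest-first, plus headers the pattern missed."""
    ips, unparsed = [], []
    for h in headers:
        m = pattern.match(h)
        if m:
            ips.append(m.group(1))
        else:
            unparsed.append(h)  # worth logging: a silent miss shifts the hop count
    return ips, unparsed

def notfirsthop_targets(ips):
    """Assumed rule: skip the originating (oldest) IP unless it is the only one known."""
    return ips[:-1] if len(ips) > 1 else list(ips)

def dnsbl_name(ip, zone='dnsbl.sorbs.net'):
    """Reversed-octet query name, as in the dnsqr lookups in the post."""
    return '.'.join(reversed(ip.split('.'))) + '.' + zone

if __name__ == '__main__':
    for label, pat in (('strict', STRICT), ('tolerant', TOLERANT)):
        ips, unparsed = relay_ips(HEADERS, pat)
        names = [dnsbl_name(ip) for ip in notfirsthop_targets(ips)]
        print(label, 'queries:', names, 'unparsed headers:', len(unparsed))
```

With the strict pattern the only address left to query is the dynamic one; with the tolerant pattern the ISP relay is queried and the originating address is skipped.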