I look at the code and it sure seemed to use both trust and internal
to me (I looked at 3.0.2, but tested on 3.0.1).
So I constructed a small example from you headers; I used as input:
--------------------------------------------------------------------------------
Return-Path: <[EMAIL PROTECTED]>
Received: from fiat.ischool.utexas.edu (HELO fiat.ischool.utexas.edu)
(128.83.248.27)
by mailhub.plectere.com (Postfix) with SMTP id BDE3668AD
for <[EMAIL PROTECTED]>; Thu, 3 Mar 2005 08:57:29 -0800 (PST)
Received: from webmailapp1.cc.utexas.edu (fiat.ischool.utexas.edu
[128.83.248.27])
by fiat.ischool.utexas.edu (8.12.11/8.12.11) with ESMTP id
j23GvLGD004371
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
for <[EMAIL PROTECTED]>; Thu, 3 Mar 2005 10:57:22 -0600
Received: from cpe-70-112-27-200.austin.res.rr.com
(cpe-70-112-27-200.austin.res.rr.com [70.112.27.200]) by
webmailapp1.cc.utexas.edu (IMP) with HTTP for
<[EMAIL PROTECTED]>; Tue, 1 Mar 2005 23:56:24
-0600
Date: Thu, 3 Mar 2005 10:57:14 -0600 (CST)
From: Shane Williams <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Webmail and IP rules
Let me make it clear that I'm not convinced yet where the "problem"
...
--
Public key #7BBC68D9 at | Shane Williams
http://pgp.mit.edu/ | System Admin - UT iSchool
=----------------------------------+-------------------------------
All syllogisms contain three lines | [EMAIL PROTECTED]
Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
--------------------------------------------------------------------------------
I ran it through "spamassassin -D -t", then I added the following two
lines to my local.cf:
internal_networks 128.83.248.0/24
trusted_networks 128.83.248.0/24
and ran it again.
The final few lines of the output is below for each case:
*- without "trust" -*
Content preview: Let me make it clear that I'm not convinced yet where
the "problem" ... -- Public key #7BBC68D9 at | Shane Williams
http://pgp.mit.edu/ | System Admin - UT iSchool =+ All syllogisms
contain three lines | [EMAIL PROTECTED] Therefore this is not a
syllogism | www.ischool.utexas.edu/~shanew [...]
Content analysis details: (-2.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
*- and with "trust" -*
Content preview: Let me make it clear that I'm not convinced yet where
the "problem" ... -- Public key #7BBC68D9 at | Shane Williams
http://pgp.mit.edu/ | System Admin - UT iSchool =+ All syllogisms
contain three lines | [EMAIL PROTECTED] Therefore this is not a
syllogism | www.ischool.utexas.edu/~shanew [...]
Content analysis details: (3.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.2 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP)
4.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr 1)
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
I can only suggest you try a similar test. It sure looks to me to
be an issue of "trust".
Personally, I would commend IMP for "pretending" that the client is
the HELO when that data is not known. Also, it has been almost 15 years since
I used a dynamic IP, but from logs and "login scripts" it seems that back then
Netcom contructed a dynamic name using part of the strings I used to login with
so that I would end up with an IP which reversed to
plectere.xxx.xxx.netcom.com.I never used their mail servers, so I have no idea
what they would have done if
I had - there wasn't a HTTP interface (or even HTTP) back then.
old logs
