On 24.03.25 15:19, Andreas Haumer wrote:
Recently I noticed a (at least for me) very strange problem
with a mailserver running sendmail + SpamAssassin: sometimes
(not always!) the Received: header inserted by sendmail is completely wrong,
triggering SpamAssassin rules like "T_DATE_IN_FUTURE_96_Q"
More details: this is an internet-facing mail MX, currently running Debian 10
with sendmail 8.15.2 and spamass-milter 0.4.0
Am 24.03.25 um 15:54 schrieb Matus UHLAR - fantomas:
note that with milter, current Received: header is NOT the one produced by MTA
but by spamass-milter. The milter protocol provides message exactly as it came
without local additions like Received: header.
This also means that Received: header spamd sees as mail is being received is
diferent than the one you see later.
looking at logs I've had similar problem years ago:
https://marc.info/?l=spamassassin-users&m=139282758624769&w=2
without success:
https://marc.info/?l=spamassassin-users&m=139410750008972&w=2
and IIRC the working solution was to avoid sending 'b' macro at all, so
spamass-milter generates its own.
On 24.03.25 18:27, Andreas Haumer wrote:
Thank you!
This was very important input!
I now also found this on the Debian bug tracker: "spamass-milter adds bad Received:
header, creating false positive"
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775183>
this links to the same thread I reported, only on different site.
As well as this: "confMILTER_MACROS_ENVRCPT should probably not contain {b}
macro"
<https://github.com/andybalholm/spamass-milter/issues/9>
It seems I've hit a very old bug!
I have now changed my milter configuration to:
INPUT_MAIL_FILTER(`opendkim', `S=local:/var/run/opendkim/opendkim.sock')
INPUT_MAIL_FILTER(`pyspf-milter',
`S=local:/run/pyspf-milter/pyspf-milter.sock')dnl
INPUT_MAIL_FILTER(`opendmarc', `S=local:/var/run/opendmarc/opendmarc.sock')dnl
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass/spamass.sock, F=,
T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name},
{if_addr}')dnl
define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits},
{cert_subject}, {cert_issuer}')dnl
define(`confMILTER_MACROS_ENVFROM',`{auth_authen}')dnl
define(`confMILTER_MACROS_ENVRCPT',`i, j, r, v, Z, {auth_type}')dnl
I now have the "b" macro in MILTER_MACROS_CONNECT only
(as suggested by the debian bugreport)
you have missed the part in both links - this does not work.
you need to remove the 'b' macro out of macros, so spamass-milter generates
own, correct, date.
Now I have to wait and see if that helps.
(Of course I restarted sendmail now so I have to look very carefully
if the inserted "Received" header now contains the correct timestamp.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer
