Ok so since I am at the mercy of my hosting provider (Media Temple)
to upgrade SA, we are at 3.0.6, I attempted to apply the patch in
bugzilla to Received.pm.
it looks like the patch for SquirrelMail has already been applied so
I just added the lines for the 'Ignores Received header inserted by
IMP' and 'Extend IMP-Patch to IMP and Horde3' patches.
Bug#:3236 http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3236
I'm pretty new at this bugzilla thing so I hope I am doing this right.
(I added the lines with the plus signs in front of them and deleted
the plus signs)
I restarted SA. Everything seems to be ok. Spawned Child process....
But the Horde mail is still tagged as spam.
Is restarting SA enough to make the changes effective?
I am on CentOS with Plesk/Qmail
---------------this is from the log:
Feb 21 21:51:48 as spamd[32197]: processing message
<[EMAIL PROTECTED]> for
[EMAIL PROTECTED]:110.
Feb 21 21:51:49 as spamd[32197]: identified spam (6.0/5.0) for
[EMAIL PROTECTED]:110 in 0.7 seconds, 876 bytes.
Feb 21 21:51:49 as spamd[32197]: result: Y 6 -
AWL,BAYES_00,HELO_DYNAMIC_DHCP,HELO_DYNAMIC_HCC,HELO_DYNAMIC_IPADDR,NO_R
EAL_NAME
scantime=0.7,size=876,mid=<[EMAIL PROTECTED]
god.com>,bayes=5.55111512312578e-17,autolearn=no
--------------Here are the headers from the tagged email:
Content analysis details: (6.0 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
2.0 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname
(HCC)
2.5 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname
(DHCP)
1.5 NO_REAL_NAME From: does not include a real name
2.5 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname
(IP addr 1)
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
0.1 AWL AWL: From: address is in the auto white-
list
Received: (qmail 7369 invoked by uid 110); 21 Feb 2007 22:01:50 -0800
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 7345 invoked from network); 21 Feb 2007 22:01:45 -0800
Received: from localhost (127.0.0.1)
by localhost with SMTP; 21 Feb 2007 22:01:45 -0800
Received: from adsl-63-198-201-222.dsl.snfc21.pacbell.net
(adsl-63-198-201-222.dsl.snfc21.pacbell.net [63.198.201.222]) by
webmail.smallgod.com (Horde MIME library) with HTTP; Wed, 21 Feb 2007
22:01:45 -0800
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 21 Feb 2007 22:01:45 -0800
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: ddddddd
MIME-Version: 1.0
Content-Type: text/plain;
charset=ISO-8859-1;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)
----------------------------
Funny thing is I am on a static IP so i believe the DYNAMIC_DHCP
rule shouldn't apply.
But then again maybe it has nothing to do with the my IP
Thanks for your help.
JP Kelly
On Feb 21, 2007, at 1:53 AM, Justin Mason wrote:
yeah, it should be all versions *since* 3.1.0 (note that the
original mail was sent 2 years ago).
If you have a more recent mail that falls foul of the rule, open
a bug in the bugzilla and *attach* a sample message that demonstrates
the problem.
--j.
JP Kelly writes:
regarding the problem where mail from horde gets hit with
HELO_DYNAMIC_DHCP rule due to sender's IP address.
see below...
do you mean SA 3.1?
On Apr 14, 2005, at 3:08 PM, Justin Mason wrote:
check the bugzilla -- I'm pretty sure this is fixed for 3.1.0.
- --j.
This is the IP from the computer the user was using to send mail.
Some thing
is very wrong here. Why IMP 4.x takes user ip and send it as
Helo?? This
does no happens with imp 3.x. I guess i have two options one hack
imp code
to send localhost in helo or make spamassasin igonore imp headers.
