Hi, On Tue, Feb 26, 2008 at 14:56 +0100, Stefan `Sec` Zehl wrote: > [... on producing ALL_TRUSTED with these header ...] > > | Received: from mout4.freenet.de (mout4.freenet.de > [IPv6:2001:748:100:40::2:6]) > | (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) > | (No client certificate requested) > | by ice.42.org (Postfix) with ESMTPS id D189AB85A > | for <[EMAIL PROTECTED]>; Tue, 26 Feb 2008 11:51:08 +0100 (CET) > | Received: from [195.4.92.23] (helo=13.mx.freenet.de) > | by mout4.freenet.de with esmtpa (Exim 4.69) > | (envelope-from <[EMAIL PROTECTED]>) > | id 1JTxOR-0002Vk-38; Tue, 26 Feb 2008 11:50:39 +0100 > | Received: from [82.128.34.27] (port=1797 helo=User) > | by 13.mx.freenet.de with esmtpa (ID [EMAIL PROTECTED]) (port 25) > (Exim 4.69 #10) > | id 1JTxOO-0005uv-2T; Tue, 26 Feb 2008 11:50:38 +0100
I did some more Tests with these headers. They are unconditionally marked as trusted. The problem is the following line from "spamassasin -D -L -t": | [52994] dbg: received-header: could not parse IPv4 address, assuming IPv6 As soon as this line appears, sa trusts everything. No matter what you set in trusted_networks or anywhere else. It doesn't even parse that header at all (notice that there are only two "parsed as" lines): | [53147] dbg: received-header: parsed as [ ip=195.4.92.23 rdns= helo=13.mx.freenet.de by=mout4.freenet.de ident= [EMAIL PROTECTED] intl=0 id=1JTxOR-0002Vk-38 auth=esmtpa msa=0 ] | [53147] dbg: received-header: relay 195.4.92.23 trusted? yes internal? yes msa? no | [53147] dbg: received-header: parsed as [ ip=82.128.34.27 rdns= helo=User by=13.mx.freenet.de ident= envfrom= intl=0 id=1JTxOO-0005uv-2T auth=esmtpa msa=0 ] | [53147] dbg: received-header: relay 82.128.34.27 trusted? yes internal? yes msa? no Replacing the "[IPv6:2001:748:100:40::2:6]" with "[1.2.3.4]", everything is back to normal: | [53033] dbg: received-header: parsed as [ ip=1.2.3.4 rdns=mout4.freenet.de helo=mout4.freenet.de by=ice.42.org ident= envfrom= intl=0 id=D189AB85A auth= msa=0 ] | [53033] dbg: received-header: relay 1.2.3.4 trusted? no internal? no msa? no | [53033] dbg: received-header: parsed as [ ip=195.4.92.23 rdns= helo=13.mx.freenet.de by=mout4.freenet.de ident= [EMAIL PROTECTED] intl=0 id=1JTxOR-0002Vk-38 auth=esmtpa msa=0 ] [53033] dbg: received-header: relay 195.4.92.23 trusted? no internal? no msa? no | [53033] dbg: received-header: parsed as [ ip=82.128.34.27 rdns= helo=User by=13.mx.freenet.de ident= envfrom= intl=0 id=1JTxOO-0005uv-2T auth=esmtpa msa=0 ] | [53033] dbg: received-header: relay 82.128.34.27 trusted? no internal? no msa? no So it appears that spamassassins v6 support is broken. -- Is there some config option i missed, or is the only solution to turn off IPv6 on my mailserver? CU, Sec -- "The General who in a hundred battles is always victorious is not as great as the one who achieves his objectives without fighting." -- Sun Tzu