Stefan `Sec` Zehl writes:
> Hi,
>
> Ok, I debugged this a bit more.
>
> Problem is, these headers were marked as ALL_TRUSTED:
>
> > > | Received: from mout4.freenet.de (mout4.freenet.de
> > > [IPv6:2001:748:100:40::2:6])
> > > | (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
> > > | (No client certificate requested)
> > > | by ice.42.org (Postfix) with ESMTPS id D189AB85A
> > > | for <[EMAIL PROTECTED]>; Tue, 26 Feb 2008 11:51:08 +0100 (CET)
> > > | Received: from [195.4.92.23] (helo=13.mx.freenet.de)
> > > | by mout4.freenet.de with esmtpa (Exim 4.69)
> > > | (envelope-from <[EMAIL PROTECTED]>)
> > > | id 1JTxOR-0002Vk-38; Tue, 26 Feb 2008 11:50:39 +0100
> > > | Received: from [82.128.34.27] (port=1797 helo=User)
> > > | by 13.mx.freenet.de with esmtpa (ID [EMAIL PROTECTED]) (port
> > > 25) (Exim 4.69 #10)
> > > | id 1JTxOO-0005uv-2T; Tue, 26 Feb 2008 11:50:38 +0100
>
> The detailed problem is, the first header is completely ignored because
> of its IPv6 content.
>
> The second line contains "with esmtpa" which makes SpamAssassin
> unconditionally trust this header. Case in Point:
>
> SpamAssassin/Message/Metadata/Received.pm around line 192:
> | # trusted_networks matches?
> | if (!$relay->{auth} && !$trusted->contains_ip($relay->{ip})) {
> | $in_trusted = 0;
>
> It is completely irrelevant if the IP is in trusted_networks or not. If
> the Received line contains "auth" which at this point contains "esmtpa"
> it considers the Header good and trusted.
>
> I fixed that particular problem for now by forcing "auth" to be empty
> at the end of the "parse_received_line" function, but as $auth was
> included for some reason, somebody should look closer at how to fix this
> completely.
The fix would be to implement support for IPv6 trust paths:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4503
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4964
--j.
