Howdy folks,

I'm experiencing a problem with some people (myself included) who are not
properly receiving their Consumers Energy bills. Rather, the bills are
being marked as spam and sent into their SPAM folders. One of the two
things being marked by the Spam-Report is RCVD_ILLEGAL_IP.

I found the function that does the checking for this information in the
Mail-Spamassassin (or perl-spamassassin-3.2.1-1) package. We have this
installed out of RPMs for OpenSuSE 10.2 (both x86 and amd64).

Here is the function:
sub check_for_illegal_ip {
  my ($self, $pms) = @_;

  foreach my $rcvd ( @{$pms->{relays_untrusted}} ) {
    # (note this might miss some hits if the Received.pm skips any invalid IPs)
    foreach my $check ( $rcvd->{ip}, $rcvd->{by} ) {
      return 1 if ($check =~ /^
        (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
        $/x);
    }
  }
  return 0;
}

I'm having a hard time understanding the regex myself. Our network admin
is actually the person who brought the issue to my attention; I didn't
even realize I wasn't receiving my own bills, and I imagine other folks are
not either. Here are the headers from the message with some info REDACTED
to avoid robots crawling for email addresses. Our network admin says the
IP is certainly a legal one, and it pings for us as well as for other
people. Anyway, here's another paste:

----[begin paste]----
Return-path: <[EMAIL PROTECTED]>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on
	mx03.mail.msu.edu
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.3 required=5.0 tests=INVALID_TZ_EST,
	RCVD_ILLEGAL_IP shortcircuit=no autolearn=disabled version=3.2.1
X-Spam-Report:
	* 2.1 INVALID_TZ_EST Invalid date in header (wrong EST timezone)
	* 3.2 RCVD_ILLEGAL_IP Received: contains illegal IP address
Envelope-to: [EMAIL PROTECTED]
Delivery-date: Fri, 01 Aug 2008 06:15:17 -0400
Received: from mail.consumersenergy.com ([67.59.61.131]
	helo=dmzhpu01.cpco.com)
	by mx03.mail.msu.edu with esmtp (Exim 4.63 #1)
	id 1KOrfJ-00026T-Cg
	for [EMAIL PROTECTED]; Fri, 01 Aug 2008 06:15:17 -0400
Received: from cmsenergy.com ([EMAIL PROTECTED] [1.226.208.65])
	by dmzhpu01.cpco.com (8.11.1/8.11.1) with ESMTP id m71AFGJ28409
	for <[EMAIL PROTECTED]>; Fri, 1 Aug 2008 06:15:17 -0400 (EDT)
Date: Fri, 1 Aug 2008 05:14:38 -0400 (EST)
From: "eServices" <[EMAIL PROTECTED]>
Subject: Consumers Energy bill ready to view
To: [EMAIL PROTECTED]
Reply-To: "eServices" <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Importance: Normal
X-Priority: 3 (Normal)
X-Mailer: SAP Web Application Server 7.00
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Description: Consumers Energy bill ready to view
X-Virus: None found by Clam AV
----[end paste]----
I'm guessing the IP address in question is: 1.226.208.65
While it certainly is not within a range I see all that often, I am
assured by our hostmaster that it is legit. Another one I've seen is
1.226.208.61

Any ideas on why this is being picked up incorrectly? Or are we way off
base, and it is indeed *wrong?* I am admittedly kind of new to dealing
with the inner workings of SpamAssassin. I took the job as a mail admin
a couple of years ago, and SA has simply *worked* as set up by the previous
admin. I'll be glad to dig around, but I'm still kind of learning it.

Thanks for any ideas.
Regards,
./brm
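
Added example (not part of the original post and not SpamAssassin's own code): the Python below splits the pattern quoted in the post into its first-octet alternatives and reports which one each bracketed IP in the pasted Received headers hits. It assumes every Received IP is checked, whereas the quoted function only walks relays_untrusted (and also tests the "by" field); the function and variable names are illustrative.

```python
import re

# First-octet alternatives of the RCVD_ILLEGAL_IP pattern, copied from the
# check_for_illegal_ip function quoted in the post.
ALTERNATIVES = [
    r"[01257]",
    r"(?!127.0.0.)127",
    r"22[3-9]",
    r"2[3-9]\d",
    r"[12]\d{3,}",
    r"[3-9]\d\d+",
]
REST = r"\.\d+\.\d+\.\d+$"  # the remaining three octets, as in the post

# Received headers from the paste in the post (addresses redacted there).
SAMPLE_HEADERS = """\
Received: from mail.consumersenergy.com ([67.59.61.131]
 helo=dmzhpu01.cpco.com)
 by mx03.mail.msu.edu with esmtp (Exim 4.63 #1)
 id 1KOrfJ-00026T-Cg
 for [EMAIL PROTECTED]; Fri, 01 Aug 2008 06:15:17 -0400
Received: from cmsenergy.com ([EMAIL PROTECTED] [1.226.208.65])
 by dmzhpu01.cpco.com (8.11.1/8.11.1) with ESMTP id m71AFGJ28409
 for <[EMAIL PROTECTED]>; Fri, 1 Aug 2008 06:15:17 -0400 (EDT)
Subject: Consumers Energy bill ready to view
"""

def matching_alternative(ip):
    """Return the alternative that makes the rule fire for ip, or None."""
    for alt in ALTERNATIVES:
        if re.match("^(?:" + alt + ")" + REST, ip):
            return alt
    return None

def received_ips(headers):
    """Unfold the headers and return bracketed IPv4 literals in Received lines."""
    # Assumption: every Received header is treated as an untrusted relay.
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)
    ips = []
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            ips += re.findall(r"\[(\d+\.\d+\.\d+\.\d+)\]", line)
    return ips

def explain(headers):
    """Map each Received IP to the alternative it hits (None = not flagged)."""
    return {ip: matching_alternative(ip) for ip in received_ips(headers)}

if __name__ == "__main__":
    for ip, alt in explain(SAMPLE_HEADERS).items():
        print(ip, "->", alt or "not flagged")
```

Because each alternative must be followed directly by a dot, `[01257]` fires only when the first octet is the single digit 0, 1, 2, 5 or 7.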