|
SA Bugzilla – Full Text Bug Listing |
Summary: | RDNS_NONE has false positives if the MTA doesn't put the hostname in the Received header | ||
---|---|---|---|
Product: | Spamassassin | Reporter: | John Rudd <john> |
Component: | Rules | Assignee: | SpamAssassin Developer Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P5 | ||
Version: | 3.2.1 | ||
Target Milestone: | 3.2.4 | ||
Hardware: | Sun | ||
OS: | Solaris | ||
Whiteboard: |
Description
John Rudd
2007-08-05 18:08:58 UTC
> if (Received =~ /\(CommuniGate Pro SMTP /) {
Thinking more about it, the above line probably should omit the protocol (SMTP), because the same basic
problem will happen if it's from webmail, etc. So, a better expression would probably be:
if ( Received =~ /by \S+ \(CommuniGate Pro \S+ [0-9\.c]+\)/ ) {
(In reply to comment #1) > > if ( Received =~ /by \S+ \(CommuniGate Pro \S+ [0-9\.c]+\)/ ) { > Sorry, just realized that doesn't work if it's a basic/free/community license (it puts _community_ after the version number, and before the closing parenthesis). This is probably better: if ( Received =~ /by \S+ \(CommuniGate Pro/ ) { My apologies for not including a sample header. Here is one: Return-Path: <myette@mvnhealth.com> Delivered-To: matt@integrityhosting.org Received: (qmail 20591 invoked by uid 511); 6 Aug 2007 12:24:23 -0000 Received: from 64.9.116.126 by mail.integrityhosting.org (envelope-from <myette@mvnhealth.com>, uid 509) with qmail-scanner-1.25st (clamdscan: 0.91.1/3302. spamassassin: 3.2.2. perlscan: 1.25st. Clear:RC:0(64.9.116.126):SA:0(-2.5/4.0):. Processed in 2.197283 secs); 06 Aug 2007 12:24:23 -0000 X-Spam-Status: No, hits=-2.5 required=4.0 X-Spam-Report: SA TESTS 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 AWL AWL: From: address is in the auto white-list Received: from unknown (HELO gwia1-lx.mvnhealth.com) (64.9.116.126) by 0 with SMTP; 6 Aug 2007 12:24:20 -0000 Received: from MVN-INT3-MTA by gwia1-lx.mvnhealth.com with Novell_GroupWise; Mon, 06 Aug 2007 08:24:19 -0400 Message-Id: <46B6DAA5.4335.00D3.0@mvnhealth.com> X-Mailer: Novell GroupWise Internet Agent 7.0.1 Date: Mon, 06 Aug 2007 08:24:05 -0400 From: "Matthew Yette" <myette@mvnhealth.com> To: <matt@integrityhosting.org> Subject: test2 Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="=__Part7E5982F5.0__=" added RDNS_NONE_BUG_5586 for testing, to see what effect this change has: : jm 49...; svn commit -m "bug 5586: add a test rule to avoid RDNS_NONE false positives" rulesrc/sandbox/jm/20_bug5586.cf Adding rulesrc/sandbox/jm/20_bug5586.cf Transmitting file data . Committed revision 574928. (In reply to comment #3) > My apologies for not including a sample header. Here is one: > Received: from unknown (HELO gwia1-lx.mvnhealth.com) (64.9.116.126) > by 0 with SMTP; 6 Aug 2007 12:24:20 -0000 "by 0"? in the qmail case, isn't it possible to simply enable rDNS lookups in the qmail config? (In reply to comment #4) > added RDNS_NONE_BUG_5586 for testing, to see what effect this change has: > > : jm 49...; svn commit -m "bug 5586: add a test rule to avoid RDNS_NONE false > positives" rulesrc/sandbox/jm/20_bug5586.cf > Adding rulesrc/sandbox/jm/20_bug5586.cf > Transmitting file data . > Committed revision 574928. looks ok so far: http://ruleqa.spamassassin.org/?daterev=20070913-r575223-n&rule=%2FRDNS_NONE&srcpath=&g=Change looks great! http://ruleqa.spamassassin.org/?daterev=20070913-r575223-n&rule=%2FRDNS_NONE&srcpath=&g=Change 0.00000 42.6479 16509 of 38710 messages 2.7170 736 of 27089 messages 0.940 0.69 0.00 T_RDNS_NONE_BUG_5586 0.00000 42.6582 16513 of 38710 messages 2.7465 744 of 27089 messages 0.940 0.69 0.10 RDNS_NONE so, +1 to replacing it. applied to trunk: : jm 22...; svn commit -m "bug 5586: RDNS_NONE has false positives if the MTA doesn't put the hostname in the Received header, like Communigate Pro. add an exception for this" rules/20_dynrdns.cf rulesrc/sandbox/jm/ Deleting rulesrc/sandbox/jm/20_bug5586.cf Sending rules/20_dynrdns.cf Transmitting file data . Committed revision 578777. applied to 3.2.x: : jm 50...; svn commit -m "bug 5586: RDNS_NONE has false positives if the MTA doesn't put the hostname in the Received header, like Communigate Pro. add an exception for this" rules/20_dynrdns.cf Sending rules/20_dynrdns.cf Transmitting file data . Committed revision 578778. applied to 3.2.x rule updates: : jm 37...; svn commit -m "bug 5586: RDNS_NONE has false positives if the MTA doesn't put the hostname in the Received header, like Communigate Pro. add an exception for this" 20_dynrdns.cf Sending 20_dynrdns.cf Transmitting file data . Committed revision 578781. There was a typo in the 3.2 checkins. The header rule was left named RDNS_NONE instead of __RDNS_NONE. $ svn ci -m "bug 5586: fix typo in the fix that was checked in to branch 3.2" rules/20_dynrdns.cf Sending rules/20_dynrdns.cf Transmitting file data . Committed revision 604549. $ cd ../../rules/branches/3.2/ $ svn ci -m "bug 5586: fix typo in the fix that was checked in to branch 3.2 rules update" 20_dynrdns.cf Sending 20_dynrdns.cf Transmitting file data . Committed revision 604550. |