Bug 3496 - rbl checks being applied to first hop
Summary: rbl checks being applied to first hop
Status: RESOLVED DUPLICATE of bug 2462
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (Eval Tests) (show other bugs)
Version: SVN Trunk (Latest Devel Version)
Hardware: Other Linux
: P5 normal
Target Milestone: 3.1.0
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-06-09 14:42 UTC by Nathan Neulinger
Modified: 2004-12-09 03:44 UTC (History)
0 users


Attachment Type Modified Status Actions Submitter/CLA Status
example message as passed to spamc application/octet-stream None Nathan Neulinger [NoCLA]
example message file that exhibits problem... text/plain None Nathan Neulinger [NoCLA]
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Nathan Neulinger 2004-06-09 14:42:58 UTC 
I've got local mail sent from a local client - through our smtp server. Client 
ip is on the dialup/dynamic rbls. SA is getting hits on those rbls. 

The only log entries that seem interesting are the ones from SPF that say it was
delivered entirely by trusted relays, and the one about being unable to parse
IPv4 address... 

Am I misunderstanding something here? this behavior does not exist in a trunk
snapshot from 2004-03-29.

Here's the trace from spamd:

Jun  9 16:30:18 spamtest spamd[8224]: got connection over
/local/spamassassin/tmp/spamd.sock 
Jun  9 16:30:18 spamtest spamd[8224]: debug: Conf::SQL: executing SQL: select
preference, value  from userpref where username = 'nneul@msx.umr.edu' or
username = '@GLOBAL' order by username asc 
Jun  9 16:30:18 spamtest spamd[8224]: debug: retrieving prefs for
nneul@msx.umr.edu from SQL server 
Jun  9 16:30:18 spamtest spamd[8224]: debug: user has changed 
Jun  9 16:30:18 spamtest spamd[8224]: debug: Score set 1 chosen. 
Jun  9 16:30:18 spamtest spamd[8224]: processing message
<200406092129.i59LSfHF025467@smtp.umr.edu> for nneul@msx.umr.edu:23236. 
Jun  9 16:30:18 spamtest spamd[8224]: debug: received-header: could not parse
IPv4 address, assuming IPv6 
Jun  9 16:30:18 spamtest spamd[8224]: debug: received-header: parsed as [
ip=131.151.93.80 rdns=r08itlaptop.ddns.umr.edu helo=me.umr.edu by=smtp.umr.edu
ident= envfrom= intl=0 id=i59LSfHF025467 ] 
Jun  9 16:30:18 spamtest spamd[8224]: debug: is Net::DNS::Resolver available? yes 
Jun  9 16:30:18 spamtest spamd[8224]: debug: Net::DNS version: 0.38 
Jun  9 16:30:18 spamtest spamd[8224]: debug: looking up A records for
'smtp.umr.edu' 
Jun  9 16:30:18 spamtest spamd[8224]: debug: A records for 'smtp.umr.edu':
131.151.1.120 131.151.1.89 
Jun  9 16:30:18 spamtest spamd[8224]: debug: received-header: 'from'
131.151.93.80 is near to first 'by' 
Jun  9 16:30:18 spamtest spamd[8224]: debug: received-header: relay
131.151.93.80 trusted? yes internal? no 
Jun  9 16:30:18 spamtest spamd[8224]: debug: metadata: X-Spam-Relays-Trusted: [
ip=131.151.93.80 rdns=r08itlaptop.ddns.umr.edu helo=me.umr.edu by=smtp.umr.edu
ident= envfrom= intl=0 id=i59LSfHF025467 ] 
Jun  9 16:30:18 spamtest spamd[8224]: debug: metadata: X-Spam-Relays-Untrusted:  
Jun  9 16:30:18 spamtest spamd[8224]: debug: ---- MIME PARSER START ---- 
Jun  9 16:30:18 spamtest spamd[8224]: debug: main message type: text/plain 
Jun  9 16:30:18 spamtest spamd[8224]: debug: parsing normal part 
Jun  9 16:30:18 spamtest spamd[8224]: debug: added part, type: text/plain 
Jun  9 16:30:18 spamtest spamd[8224]: debug: ---- MIME PARSER END ---- 
Jun  9 16:30:18 spamtest spamd[8224]: debug: decoding: no encoding detected 
Jun  9 16:30:18 spamtest spamd[8224]: debug: Message too short for language
analysis 
Jun  9 16:30:18 spamtest spamd[8224]: debug: is Net::DNS::Resolver available? yes 
Jun  9 16:30:18 spamtest spamd[8224]: debug: Net::DNS version: 0.38 
Jun  9 16:30:18 spamtest spamd[8224]: debug: all '*From' addrs: rwa@umr.edu 
Jun  9 16:30:18 spamtest spamd[8224]: debug: Running tests for priority: 0 
Jun  9 16:30:18 spamtest spamd[8224]: debug: running header regexp tests; score
so far=0 
Jun  9 16:30:18 spamtest spamd[8224]: debug: all '*To' addrs: nneul@umr.edu 
Jun  9 16:30:18 spamtest spamd[8224]: debug: SPF: message was delivered entirely
via trusted relays, not required 
Jun  9 16:30:18 spamtest spamd[8224]: debug: SPF: message was delivered entirely
via trusted relays, not required 
Jun  9 16:30:18 spamtest spamd[8224]: debug: running body-text per-line regexp
tests; score so far=-0.714 
Jun  9 16:30:18 spamtest spamd[8224]: debug: running uri tests; score so far=-0.714 
Jun  9 16:30:19 spamtest spamd[8224]: debug: Razor2 is available 
Jun  9 16:30:19 spamtest spamd[8224]: debug: entering helper-app run mode 
Jun  9 16:30:19 spamtest spamd[8224]: debug: Using results from Razor v2.36 
Jun  9 16:30:19 spamtest spamd[8224]: debug: Found Razor2 part: part=0 engine=4
ct=0 cf=0 
Jun  9 16:30:19 spamtest spamd[8224]: debug: leaving helper-app run mode 
Jun  9 16:30:19 spamtest spamd[8224]: debug: Razor2 results: spam? 0  highest cf
score: 0 
Jun  9 16:30:19 spamtest spamd[8224]: debug: running raw-body-text per-line
regexp tests; score so far=-0.714 
Jun  9 16:30:19 spamtest spamd[8224]: debug: running full-text regexp tests;
score so far=-0.714 
Jun  9 16:30:19 spamtest spamd[8224]: debug: Pyzor is not available: pyzor not
found 
Jun  9 16:30:19 spamtest spamd[8224]: debug: DCCifd is available:
/local/dcc/redhat9/dccifd 
Jun  9 16:30:19 spamtest spamd[8224]: debug: entering helper-app run mode 
Jun  9 16:30:19 spamtest spamd[8224]: debug: DCCifd: got response:
X-DCC-UMR-Metrics: spamtest.cc.umr.edu 1057; Body=0 
Jun  9 16:30:19 spamtest spamd[8224]: debug: leaving helper-app run mode 
Jun  9 16:30:19 spamtest spamd[8224]: debug: Razor2 is available 
Jun  9 16:30:19 spamtest spamd[8224]: debug: Running tests for priority: 500 
Jun  9 16:30:20 spamtest spamd[8224]: debug: RBL: success for 6 of 6 queries 
Jun  9 16:30:20 spamtest spamd[8224]: debug: running meta tests; score so far=2.457 
Jun  9 16:30:20 spamtest spamd[8224]: debug: running header regexp tests; score
so far=2.457 
Jun  9 16:30:20 spamtest spamd[8224]: debug: running body-text per-line regexp
tests; score so far=2.457 
Jun  9 16:30:20 spamtest spamd[8224]: debug: running uri tests; score so far=2.457 
Jun  9 16:30:20 spamtest spamd[8224]: debug: running raw-body-text per-line
regexp tests; score so far=2.457 
Jun  9 16:30:20 spamtest spamd[8224]: debug: running full-text regexp tests;
score so far=2.457 
Jun  9 16:30:20 spamtest spamd[8224]: debug: Running tests for priority: 1000 
Jun  9 16:30:20 spamtest spamd[8224]: debug: running meta tests; score so far=2.457 
Jun  9 16:30:20 spamtest spamd[8224]: debug: running header regexp tests; score
so far=2.457 
Jun  9 16:30:20 spamtest spamd[8224]: debug: SQL Based AWL: Connected to
DBI:mysql:spamd:localhost 
Jun  9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based)
get_addr_entry: No entry found for rwa@umr.edu|ip=131.151 
Jun  9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based):
rwa@umr.edu|ip=131.151 scores 0/0 
Jun  9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based)
get_addr_entry: No entry found for rwa@umr.edu|ip=none 
Jun  9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based):
rwa@umr.edu|ip=none scores 0/0 
Jun  9 16:30:21 spamtest spamd[8224]: debug: AWL active, pre-score: 2.457,
autolearn score: 2.457, mean: undef, IP: 131.151.93.80 
Jun  9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based)
add_score: Created new entry for rwa@umr.edu|ip=131.151 with totscore: 2.457 
Jun  9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based) finish:
Disconnected from DBI:mysql:spamd:localhost 
Jun  9 16:30:21 spamtest spamd[8224]: debug: Post AWL score: 2.457 
Jun  9 16:30:21 spamtest spamd[8224]: debug: running body-text per-line regexp
tests; score so far=2.457 
Jun  9 16:30:21 spamtest spamd[8224]: debug: running uri tests; score so far=2.457 
Jun  9 16:30:21 spamtest spamd[8224]: debug: running raw-body-text per-line
regexp tests; score so far=2.457 
Jun  9 16:30:21 spamtest spamd[8224]: debug: running full-text regexp tests;
score so far=2.457 
Jun  9 16:30:21 spamtest spamd[8224]: debug: is spam? score=2.457 required=5 
Jun  9 16:30:21 spamtest spamd[8224]: debug:
tests=ALL_TRUSTED,MISSING_HEADERS,NO_REAL_NAME,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL 
Jun  9 16:30:21 spamtest spamd[8224]: debug:
subtests=__HAS_MSGID,__HAS_SUBJECT,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__TM2_MISC_DATA

Jun  9 16:30:22 spamtest spamd[8224]: clean message (2.5/5.0) for
nneul@msx.umr.edu:23236 in 4.4 seconds, 516 bytes. 
Jun  9 16:30:22 spamtest spamd[8224]: result: .  2 -
ALL_TRUSTED,MISSING_HEADERS,NO_REAL_NAME,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL
scantime=4.4,size=516,mid=<200406092129.i59LSfHF025467@smtp.umr.edu>,autolearn=disabled

Jun  9 16:30:22 spamtest qmail: 1086816622.905790 delivery 30: success:
131.151.1.113_accepted_message./Remote_host_said:_250_2.6.0__<200406092129.i59LSfHF025467@smtp.umr.edu>_Queued_mail_for_delivery/
Jun  9 16:30:22 spamtest qmail: 1086816622.921209 status: local 0/10 remote 0/25
Jun  9 16:30:22 spamtest qmail: 1086816622.931961 end msg 237735


And here are the message headers:

Received: from umr-msxproto2.umr.edu ([131.151.1.113]) by umr-mail11.umr.edu
with Microsoft SMTPSVC(6.0.3790.0);                                            
                            
         Wed, 9 Jun 2004 16:30:23 -0500                                        
                                                                               
                         
Received: from spamtest.cc.umr.edu ([131.151.0.89]) by umr-msxproto2.umr.edu
with Microsoft SMTPSVC(6.0.3790.0);                                            
                            
         Wed, 9 Jun 2004 16:30:22 -0500                                        
                                                                               
                         
Received: (qmail 9032 invoked from network); 9 Jun 2004 21:30:17 -0000         
                                                                               
                         
Received: from unknown (HELO smtp.umr.edu) (unknown)                           
                                                                               
                         
  by unknown with SMTP; 9 Jun 2004 21:30:17 -0000                              
                                                                               
                         
Received: from me.umr.edu (r08itlaptop.ddns.umr.edu [131.151.93.80])           
                                                                               
                         
        by smtp.umr.edu (8.12.11/) with SMTP id i59LSfHF025467                 
                                                                               
                         
        for <nneul@umr.edu>; Wed, 9 Jun 2004 16:29:34 -0500                    
                                                                               
                         
Date: Wed, 9 Jun 2004 16:28:41 -0500                                           
                                                                               
                         
From: rwa@umr.edu                                                              
                                                                               
                         
Message-Id: <200406092129.i59LSfHF025467@smtp.umr.edu>                         
                                                                               
                         
Subject: fake mail                                                             
                                                                               
                         
X-Spam-Level: **                                                               
                                                                               
                         
X-Spam-Status: No, score=2.5 required=5.0 tests=ALL_TRUSTED,MISSING_HEADERS,   
                                                                               
                         
        NO_REAL_NAME,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL autolearn=disabled    
                                                                               
                         
        version=3.0.0-r20550                                                   
                                                                               
                         
X-Spam-Checker-Version: SpamAssassin 3.0.0-r20550 (2004-05-28) on              
                                                                               
                         
        spamtest.cc.umr.edu                                                    
                                                                               
                         
X-Spam-DCC: UMR: spamtest.cc.umr.edu 1057; Body=0                              
                                                                               
                         
Bcc:                                                                           
                                                                               
                         
Return-Path: rwa@umr.edu                                                       
                                                                               
                         
X-OriginalArrivalTime: 09 Jun 2004 21:30:22.0834 (UTC)
FILETIME=[F8A4ED20:01C44E68]
Comment 1 Nathan Neulinger 2004-06-09 15:16:07 UTC 
Correction - it is occuring in that older snapshot. I don't know when this
started...
Comment 2 Nathan Neulinger 2004-06-09 15:30:05 UTC 
Test Case 1: Fails (hits the DUL rbls)

-------------------
Received: from me.umr.edu (r08itlaptop.ddns.umr.edu [131.151.93.80])
        by xxxx 
Subject: test

Testing...
-------------------

Test Case 2: (works, does not hit the DUL rbls)

-------------------
Received: from me.umr.edu (r08itlaptop.ddns.umr.edu [131.151.93.80])
        by 
Subject: test

Testing...
-------------------
Comment 3 Daniel Quinlan 2004-06-09 16:34:11 UTC 
We need you to attach (not cut and paste or via email) the exact original
messages.  Use the "Create a New Attachment" link on the bug page.

Thanks.
Comment 4 Nathan Neulinger 2004-06-09 17:36:00 UTC 
Created attachment 2021 [details]
example message as passed to spamc
Comment 5 Nathan Neulinger 2004-06-09 17:42:40 UTC 
Now that I look closer at this, I think this may have been my screwup when I set
this server up. I copied it from a ucspi install to a xinetd install, and forgot
to add tcp-env. Will see if that helps any. Still - seems like SA is being
overly sensitive here...
Comment 6 Nathan Neulinger 2004-06-09 17:48:14 UTC 
confirmed, fixing qmail-smtpd install corrected issue. Sorry for the trouble.
Comment 7 Nathan Neulinger 2004-06-24 08:55:37 UTC 
I was incorrect, this is still happening. I'll attach a test case momentarily.
If you filter this through spamc, it hits the NJABL and SORBS rbl checks.
Comment 8 Nathan Neulinger 2004-06-24 08:56:33 UTC 
Created attachment 2064 [details]
example message file that exhibits problem...
Comment 9 Daniel Quinlan 2004-08-27 17:19:47 UTC 
more accuracy and performance bugs going to 3.1.0 milestone
Comment 10 Daryl C. W. O'Shea 2004-12-09 00:48:00 UTC 
This is a trust configuration error.

If for some reason blanket trust cannot be placed on the university's dialup IPs
bug 2462 (which could use some voting) would resolve this issue by allowing them
to use SMTP auth.


Daryl
Comment 11 Justin Mason 2004-12-09 12:44:31 UTC 
agreed, marking dup of 2462

*** This bug has been marked as a duplicate of 2462 ***