SA Bugzilla – Bug 3496
rbl checks being applied to first hop
Last modified: 2004-12-09 03:44:31 UTC
I've got local mail sent from a local client - through our smtp server. Client ip is on the dialup/dynamic rbls. SA is getting hits on those rbls. The only log entries that seem interesting are the ones from SPF that say it was delivered entirely by trusted relays, and the one about being unable to parse IPv4 address... Am I misunderstanding something here? this behavior does not exist in a trunk snapshot from 2004-03-29. Here's the trace from spamd: Jun 9 16:30:18 spamtest spamd[8224]: got connection over /local/spamassassin/tmp/spamd.sock Jun 9 16:30:18 spamtest spamd[8224]: debug: Conf::SQL: executing SQL: select preference, value from userpref where username = 'nneul@msx.umr.edu' or username = '@GLOBAL' order by username asc Jun 9 16:30:18 spamtest spamd[8224]: debug: retrieving prefs for nneul@msx.umr.edu from SQL server Jun 9 16:30:18 spamtest spamd[8224]: debug: user has changed Jun 9 16:30:18 spamtest spamd[8224]: debug: Score set 1 chosen. Jun 9 16:30:18 spamtest spamd[8224]: processing message <200406092129.i59LSfHF025467@smtp.umr.edu> for nneul@msx.umr.edu:23236. Jun 9 16:30:18 spamtest spamd[8224]: debug: received-header: could not parse IPv4 address, assuming IPv6 Jun 9 16:30:18 spamtest spamd[8224]: debug: received-header: parsed as [ ip=131.151.93.80 rdns=r08itlaptop.ddns.umr.edu helo=me.umr.edu by=smtp.umr.edu ident= envfrom= intl=0 id=i59LSfHF025467 ] Jun 9 16:30:18 spamtest spamd[8224]: debug: is Net::DNS::Resolver available? yes Jun 9 16:30:18 spamtest spamd[8224]: debug: Net::DNS version: 0.38 Jun 9 16:30:18 spamtest spamd[8224]: debug: looking up A records for 'smtp.umr.edu' Jun 9 16:30:18 spamtest spamd[8224]: debug: A records for 'smtp.umr.edu': 131.151.1.120 131.151.1.89 Jun 9 16:30:18 spamtest spamd[8224]: debug: received-header: 'from' 131.151.93.80 is near to first 'by' Jun 9 16:30:18 spamtest spamd[8224]: debug: received-header: relay 131.151.93.80 trusted? yes internal? no Jun 9 16:30:18 spamtest spamd[8224]: debug: metadata: X-Spam-Relays-Trusted: [ ip=131.151.93.80 rdns=r08itlaptop.ddns.umr.edu helo=me.umr.edu by=smtp.umr.edu ident= envfrom= intl=0 id=i59LSfHF025467 ] Jun 9 16:30:18 spamtest spamd[8224]: debug: metadata: X-Spam-Relays-Untrusted: Jun 9 16:30:18 spamtest spamd[8224]: debug: ---- MIME PARSER START ---- Jun 9 16:30:18 spamtest spamd[8224]: debug: main message type: text/plain Jun 9 16:30:18 spamtest spamd[8224]: debug: parsing normal part Jun 9 16:30:18 spamtest spamd[8224]: debug: added part, type: text/plain Jun 9 16:30:18 spamtest spamd[8224]: debug: ---- MIME PARSER END ---- Jun 9 16:30:18 spamtest spamd[8224]: debug: decoding: no encoding detected Jun 9 16:30:18 spamtest spamd[8224]: debug: Message too short for language analysis Jun 9 16:30:18 spamtest spamd[8224]: debug: is Net::DNS::Resolver available? yes Jun 9 16:30:18 spamtest spamd[8224]: debug: Net::DNS version: 0.38 Jun 9 16:30:18 spamtest spamd[8224]: debug: all '*From' addrs: rwa@umr.edu Jun 9 16:30:18 spamtest spamd[8224]: debug: Running tests for priority: 0 Jun 9 16:30:18 spamtest spamd[8224]: debug: running header regexp tests; score so far=0 Jun 9 16:30:18 spamtest spamd[8224]: debug: all '*To' addrs: nneul@umr.edu Jun 9 16:30:18 spamtest spamd[8224]: debug: SPF: message was delivered entirely via trusted relays, not required Jun 9 16:30:18 spamtest spamd[8224]: debug: SPF: message was delivered entirely via trusted relays, not required Jun 9 16:30:18 spamtest spamd[8224]: debug: running body-text per-line regexp tests; score so far=-0.714 Jun 9 16:30:18 spamtest spamd[8224]: debug: running uri tests; score so far=-0.714 Jun 9 16:30:19 spamtest spamd[8224]: debug: Razor2 is available Jun 9 16:30:19 spamtest spamd[8224]: debug: entering helper-app run mode Jun 9 16:30:19 spamtest spamd[8224]: debug: Using results from Razor v2.36 Jun 9 16:30:19 spamtest spamd[8224]: debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 Jun 9 16:30:19 spamtest spamd[8224]: debug: leaving helper-app run mode Jun 9 16:30:19 spamtest spamd[8224]: debug: Razor2 results: spam? 0 highest cf score: 0 Jun 9 16:30:19 spamtest spamd[8224]: debug: running raw-body-text per-line regexp tests; score so far=-0.714 Jun 9 16:30:19 spamtest spamd[8224]: debug: running full-text regexp tests; score so far=-0.714 Jun 9 16:30:19 spamtest spamd[8224]: debug: Pyzor is not available: pyzor not found Jun 9 16:30:19 spamtest spamd[8224]: debug: DCCifd is available: /local/dcc/redhat9/dccifd Jun 9 16:30:19 spamtest spamd[8224]: debug: entering helper-app run mode Jun 9 16:30:19 spamtest spamd[8224]: debug: DCCifd: got response: X-DCC-UMR-Metrics: spamtest.cc.umr.edu 1057; Body=0 Jun 9 16:30:19 spamtest spamd[8224]: debug: leaving helper-app run mode Jun 9 16:30:19 spamtest spamd[8224]: debug: Razor2 is available Jun 9 16:30:19 spamtest spamd[8224]: debug: Running tests for priority: 500 Jun 9 16:30:20 spamtest spamd[8224]: debug: RBL: success for 6 of 6 queries Jun 9 16:30:20 spamtest spamd[8224]: debug: running meta tests; score so far=2.457 Jun 9 16:30:20 spamtest spamd[8224]: debug: running header regexp tests; score so far=2.457 Jun 9 16:30:20 spamtest spamd[8224]: debug: running body-text per-line regexp tests; score so far=2.457 Jun 9 16:30:20 spamtest spamd[8224]: debug: running uri tests; score so far=2.457 Jun 9 16:30:20 spamtest spamd[8224]: debug: running raw-body-text per-line regexp tests; score so far=2.457 Jun 9 16:30:20 spamtest spamd[8224]: debug: running full-text regexp tests; score so far=2.457 Jun 9 16:30:20 spamtest spamd[8224]: debug: Running tests for priority: 1000 Jun 9 16:30:20 spamtest spamd[8224]: debug: running meta tests; score so far=2.457 Jun 9 16:30:20 spamtest spamd[8224]: debug: running header regexp tests; score so far=2.457 Jun 9 16:30:20 spamtest spamd[8224]: debug: SQL Based AWL: Connected to DBI:mysql:spamd:localhost Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based) get_addr_entry: No entry found for rwa@umr.edu|ip=131.151 Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based): rwa@umr.edu|ip=131.151 scores 0/0 Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based) get_addr_entry: No entry found for rwa@umr.edu|ip=none Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based): rwa@umr.edu|ip=none scores 0/0 Jun 9 16:30:21 spamtest spamd[8224]: debug: AWL active, pre-score: 2.457, autolearn score: 2.457, mean: undef, IP: 131.151.93.80 Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based) add_score: Created new entry for rwa@umr.edu|ip=131.151 with totscore: 2.457 Jun 9 16:30:21 spamtest spamd[8224]: debug: auto-whitelist (sql-based) finish: Disconnected from DBI:mysql:spamd:localhost Jun 9 16:30:21 spamtest spamd[8224]: debug: Post AWL score: 2.457 Jun 9 16:30:21 spamtest spamd[8224]: debug: running body-text per-line regexp tests; score so far=2.457 Jun 9 16:30:21 spamtest spamd[8224]: debug: running uri tests; score so far=2.457 Jun 9 16:30:21 spamtest spamd[8224]: debug: running raw-body-text per-line regexp tests; score so far=2.457 Jun 9 16:30:21 spamtest spamd[8224]: debug: running full-text regexp tests; score so far=2.457 Jun 9 16:30:21 spamtest spamd[8224]: debug: is spam? score=2.457 required=5 Jun 9 16:30:21 spamtest spamd[8224]: debug: tests=ALL_TRUSTED,MISSING_HEADERS,NO_REAL_NAME,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL Jun 9 16:30:21 spamtest spamd[8224]: debug: subtests=__HAS_MSGID,__HAS_SUBJECT,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__TM2_MISC_DATA Jun 9 16:30:22 spamtest spamd[8224]: clean message (2.5/5.0) for nneul@msx.umr.edu:23236 in 4.4 seconds, 516 bytes. Jun 9 16:30:22 spamtest spamd[8224]: result: . 2 - ALL_TRUSTED,MISSING_HEADERS,NO_REAL_NAME,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL scantime=4.4,size=516,mid=<200406092129.i59LSfHF025467@smtp.umr.edu>,autolearn=disabled Jun 9 16:30:22 spamtest qmail: 1086816622.905790 delivery 30: success: 131.151.1.113_accepted_message./Remote_host_said:_250_2.6.0__<200406092129.i59LSfHF025467@smtp.umr.edu>_Queued_mail_for_delivery/ Jun 9 16:30:22 spamtest qmail: 1086816622.921209 status: local 0/10 remote 0/25 Jun 9 16:30:22 spamtest qmail: 1086816622.931961 end msg 237735 And here are the message headers: Received: from umr-msxproto2.umr.edu ([131.151.1.113]) by umr-mail11.umr.edu with Microsoft SMTPSVC(6.0.3790.0); Wed, 9 Jun 2004 16:30:23 -0500 Received: from spamtest.cc.umr.edu ([131.151.0.89]) by umr-msxproto2.umr.edu with Microsoft SMTPSVC(6.0.3790.0); Wed, 9 Jun 2004 16:30:22 -0500 Received: (qmail 9032 invoked from network); 9 Jun 2004 21:30:17 -0000 Received: from unknown (HELO smtp.umr.edu) (unknown) by unknown with SMTP; 9 Jun 2004 21:30:17 -0000 Received: from me.umr.edu (r08itlaptop.ddns.umr.edu [131.151.93.80]) by smtp.umr.edu (8.12.11/) with SMTP id i59LSfHF025467 for <nneul@umr.edu>; Wed, 9 Jun 2004 16:29:34 -0500 Date: Wed, 9 Jun 2004 16:28:41 -0500 From: rwa@umr.edu Message-Id: <200406092129.i59LSfHF025467@smtp.umr.edu> Subject: fake mail X-Spam-Level: ** X-Spam-Status: No, score=2.5 required=5.0 tests=ALL_TRUSTED,MISSING_HEADERS, NO_REAL_NAME,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL autolearn=disabled version=3.0.0-r20550 X-Spam-Checker-Version: SpamAssassin 3.0.0-r20550 (2004-05-28) on spamtest.cc.umr.edu X-Spam-DCC: UMR: spamtest.cc.umr.edu 1057; Body=0 Bcc: Return-Path: rwa@umr.edu X-OriginalArrivalTime: 09 Jun 2004 21:30:22.0834 (UTC) FILETIME=[F8A4ED20:01C44E68]
Correction - it is occuring in that older snapshot. I don't know when this started...
Test Case 1: Fails (hits the DUL rbls) ------------------- Received: from me.umr.edu (r08itlaptop.ddns.umr.edu [131.151.93.80]) by xxxx Subject: test Testing... ------------------- Test Case 2: (works, does not hit the DUL rbls) ------------------- Received: from me.umr.edu (r08itlaptop.ddns.umr.edu [131.151.93.80]) by Subject: test Testing... -------------------
We need you to attach (not cut and paste or via email) the exact original messages. Use the "Create a New Attachment" link on the bug page. Thanks.
Created attachment 2021 [details] example message as passed to spamc
Now that I look closer at this, I think this may have been my screwup when I set this server up. I copied it from a ucspi install to a xinetd install, and forgot to add tcp-env. Will see if that helps any. Still - seems like SA is being overly sensitive here...
confirmed, fixing qmail-smtpd install corrected issue. Sorry for the trouble.
I was incorrect, this is still happening. I'll attach a test case momentarily. If you filter this through spamc, it hits the NJABL and SORBS rbl checks.
Created attachment 2064 [details] example message file that exhibits problem...
more accuracy and performance bugs going to 3.1.0 milestone
This is a trust configuration error. If for some reason blanket trust cannot be placed on the university's dialup IPs bug 2462 (which could use some voting) would resolve this issue by allowing them to use SMTP auth. Daryl
agreed, marking dup of 2462 *** This bug has been marked as a duplicate of 2462 ***