5064 – RCVD_IN_WHOIS_BOGONS FP on the sender's internal network

Bug 5064 - RCVD_IN_WHOIS_BOGONS FP on the sender's internal network

Summary: RCVD_IN_WHOIS_BOGONS FP on the sender's internal network

Status:	RESOLVED FIXED

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Rules (show other bugs)
Version:	3.1.3
Hardware:	Other other

Importance:	P5 normal
Target Milestone:	Undefined
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-08-24 13:17 UTC by Nick Leverton
Modified:	2011-05-01 22:44 UTC (History)
CC List:	1 user (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Headers from example mail.	text/plain			None	Nick Leverton
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Nick Leverton 2006-08-24 13:17:11 UTC

The RCVD_IN_WHOIS_BOGONS test is mis-firing on mail from mobistar.be, who use  
externally-invalid netblocks in their internal network (to be precise,  
175.175.74.19) but who deliver through a valid external MX.  
  
It seems to me that this rule and   
RCVD_IN_WHOIS_HIJACKED should use the -notfirsthop modifier, as   
RCVD_IN_WHOIS_INVALID already does. 
   
Do the corpora show any examples of spam originating from bogon/hijacked   
netspace but sending through a non-bogon IP address ?  If there are, those   
would be missed by such a change so it'd be a bad idea - but otherwise I think  
it makes sense.

Comment 1 Nick Leverton 2006-08-24 13:41:35 UTC

Created attachment 3674 [details]
Headers from example mail.

Comment 2 Nick Leverton 2006-08-24 13:53:37 UTC

Minor correction: in 3.1.3 please read the foregoing as -lastexternal not 
-notfirsthop.

Comment 3 Justin Mason 2007-02-09 06:47:25 UTC

is this still an issue in the 3.2.0 snapshots?  looks like it might have fallen
through the cracks :(

Comment 4 Henrik Krohns 2011-05-01 22:44:56 UTC

Closing obsolete bug.