5433 – Need a workaround for Earthlink routing stupidity

Bug 5433 - Need a workaround for Earthlink routing stupidity

Summary: Need a workaround for Earthlink routing stupidity

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Rules (Eval Tests) (show other bugs)
Version:	unspecified
Hardware:	Other other

Importance:	P5 normal
Target Milestone:	Undefined
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-04-25 04:07 UTC by Loren Wilton
Modified:	2007-04-25 16:36 UTC (History)
CC List:	0 users

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Loren Wilton 2007-04-25 04:07:43 UTC

Earthlink has added a hop to all of its mail routes that is address 127.0.0.1.  
I believe this bogus node probably breaks first_untrusted and similar rules if 
you extend trust to the Earthlink servers.

Below are typical received headers, in this case for a spam from "friend 
([84.22.20.109])".  Notice this was received by "noehlo.host ([127.0.0.1])", 
which is actually part of the Earthlink network; seemingly the front door.

While it would be nice to get Earthlink to fix this idiocy, they are now 
populated solely by incompetents, and it isn't possible to communicate with 
thinking humans that could recognize they have created a problem.  Since the 
hostname and address appears to be fixed, I think a workaround for this special 
case may be the best possible solution.


Received: from smtp.earthlink.net [209.86.93.204]
	by localhost with POP3 (fetchmail-6.2.5.5)
	for <> (single-drop); Wed, 25 Apr 2007 02:52:48 -0700 (PDT)
Received: from noehlo.host ([127.0.0.1])
	by mx-various.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 
1hGEaM2WL3Nl36J4; Wed, 25 Apr 2007 05:52:28 -0400 (EDT)
Received: from friend ([84.22.20.109])
	by mx-various.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP 
id 1hGEaG1f93Nl36J0
	for <>; Wed, 25 Apr 2007 05:52:27 -0400 (EDT)

Comment 1 Justin Mason 2007-04-25 07:11:44 UTC

with the Earthlink relay in trusted_networks:

trusted_networks 127/8 84.22.20.109

I get:

[12203] dbg: conf: internal_networks not configured, using trusted_networks
configuration for internal_networks; if you really want internal_networks to
only contain the required 127/8 add 'internal_networks !0/0' to your configuration
[12203] dbg: received-header: found fetchmail marker outside trusted area, ignored
[12203] dbg: received-header: parsed as [ ip=127.0.0.1 rdns= helo=noehlo.host
by=mx-various.atl.sa.earthlink.net ident= envfrom= intl=0 id=1hGEaM2WL3Nl36J4
auth= msa=0 ]
[12203] dbg: received-header: relay 127.0.0.1 trusted? yes internal? yes msa? no
[12203] dbg: received-header: parsed as [ ip=84.22.20.109 rdns= helo=friend
by=mx-various.atl.sa.earthlink.net ident= envfrom= intl=0 id=1hGEaG1f93Nl36J0
auth= msa=0 ]
[12203] dbg: received-header: relay 84.22.20.109 trusted? yes internal? yes msa? no
[12203] dbg: metadata: X-Spam-Relays-Trusted: [ ip=127.0.0.1 rdns=
helo=noehlo.host by=mx-various.atl.sa.earthlink.net ident= envfrom= intl=1
id=1hGEaM2WL3Nl36J4 auth= msa=0 ] [ ip=84.22.20.109 rdns= helo=friend
by=mx-various.atl.sa.earthlink.net ident= envfrom= intl=1 id=1hGEaG1f93Nl36J0
auth= msa=0 ]
[12203] dbg: metadata: X-Spam-Relays-Untrusted:
[12203] dbg: metadata: X-Spam-Relays-Internal: [ ip=127.0.0.1 rdns=
helo=noehlo.host by=mx-various.atl.sa.earthlink.net ident= envfrom= intl=1
id=1hGEaM2WL3Nl36J4 auth= msa=0 ] [ ip=84.22.20.109 rdns= helo=friend
by=mx-various.atl.sa.earthlink.net ident= envfrom= intl=1 id=1hGEaG1f93Nl36J0
auth= msa=0 ]

what's the problem here?  the relay is trusted just fine.

please reopen with a *full* sample, *attached*, the trusted_networks
configuration you're using, and a description of what you'd expect for that
sample, if I'm incorrect.

Comment 2 Sidney Markowitz 2007-04-25 12:54:54 UTC

Haven't there been some changes for 3.2 in how 127.0.0.1 is treated in the
trusted path algorithms? Make sure you test this using 3.2rc3 or newer as well
as attaching a full test case as Justin asked if it still seems to be a problem.

Comment 3 Daryl C. W. O'Shea 2007-04-25 15:01:25 UTC

The only difference between 3.1 and 3.2 regarding the treatment of 127.0.0.1 is
that in 3.1 you have to manually add 127.0.0.1 to your trusted/internal network
configs whereas 3.2 does it for you.

In any case, I see no problems with this in either 3.1 or 3.2.  If you want to
trust 84.22.20.109 then configure it as trusted, if you don't then don't trust
it and it'll be the first untrusted relay.

Comment 4 Sidney Markowitz 2007-04-25 16:36:48 UTC

In comment #1, Justin wrote:
> with the Earthlink relay in trusted_networks:
>
> trusted_networks 127/8 84.22.20.109

That doesn't look like the Earthlink relay, isn't that the spammer sender? The
earthlink server would be 209.86.93.204, presumably trusted, so the 127.0.0.1
that it says it received from is believed, making that link internal. In any
case it does look right. Setting

trusted_networks 209.86.93.204

I get:

[7281] dbg: conf: internal_networks not configured, using trusted_networks
configuration for internal_networks; if you really want internal_networks to
only contain the required 127/8 add 'internal_networks !0/0' to your configuration
[7281] dbg: received-header: found fetchmail marker outside trusted area, ignored
[7281] dbg: received-header: parsed as [ ip=127.0.0.1 rdns= helo=noehlo.host
by=mx-various.atl.sa.earthlink.net ident= envfrom= intl=0 id=1hGEaM2WL3Nl36J4
auth= msa=0 ]
[7281] dbg: received-header: relay 127.0.0.1 trusted? yes internal? yes msa? no
[7281] dbg: received-header: parsed as [ ip=84.22.20.109 rdns= helo=friend
by=mx-various.atl.sa.earthlink.net ident= envfrom= intl=0 id=1hGEaG1f93Nl36J0
auth= msa=0 ]
[7281] dbg: received-header: relay 84.22.20.109 trusted? no internal? no msa? no
[7281] dbg: metadata: X-Spam-Relays-Trusted: [ ip=127.0.0.1 rdns=
helo=noehlo.host by=mx-various.atl.sa.earthlink.net ident= envfrom= intl=1
id=1hGEaM2WL3Nl36J4 auth= msa=0 ]
[7281] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=84.22.20.109 rdns=
helo=friend by=mx-various.atl.sa.earthlink.net ident= envfrom= intl=0
id=1hGEaG1f93Nl36J0 auth= msa=0 ]
[7281] dbg: metadata: X-Spam-Relays-Internal: [ ip=127.0.0.1 rdns=
helo=noehlo.host by=mx-various.atl.sa.earthlink.net ident= envfrom= intl=1
id=1hGEaM2WL3Nl36J4 auth= msa=0 ]
[7281] dbg: metadata: X-Spam-Relays-External: [ ip=84.22.20.109 rdns=
helo=friend by=mx-various.atl.sa.earthlink.net ident= envfrom= intl=0
id=1hGEaG1f93Nl36J0 auth= msa=0 ]

which properly identifies the spam sender as the first external relay.