Bug 7862 - wrong score for RDNS_NONE
Summary: wrong score for RDNS_NONE
Status: RESOLVED INVALID
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: spamassassin (show other bugs)
Version: 3.4.2
Hardware: All Linux
: P2 critical
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-10-19 10:56 UTC by standus
Modified: 2020-10-20 14:15 UTC (History)
3 users (show)


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description standus 2020-10-19 10:56:59 UTC 
In my email server is defined email as alias. I will send simple email to this mailbox and its delivered to destination mailbox with wrong score:
2.0 RDNS_NONE Delivered to internal network by a host with no rDNS

but its wrong, because on my server is localy redirect from alias to destination mailbox. Seems that SmapAssassin dont understand that its derirected locally!

Full header:
Received: from server.myserver.eu (server.myserver.eu [xxx.xxx.xxx.xxx])
	by email-smtpd9.ng.seznam.cz (Seznam SMTPD 1.3.121) with ESMTP;
	Mon, 19 Oct 2020 11:52:30 +0200 (CEST)  
Received: (qmail 7764 invoked by uid 108); 19 Oct 2020 11:52:28 +0200
Delivered-To: spam@mydomain.cz
Received: (qmail 7743 invoked by uid 108); 19 Oct 2020 11:52:28 +0200
Received: by simscan 1.4.0 ppid: 7738, pid: 7740, t: 0.3141s
         scanners: spam: 3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server.myserver.eu
X-Spam-Flag: YES
X-Spam-Level: **
X-Spam-Status: Yes, score=2.7 required=1.4 tests=BAYES_50,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_MSPIKE_H4,
	RCVD_IN_MSPIKE_WL,RDNS_NONE,SPF_HELO_NONE,TVD_SPACE_RATIO,
	URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.2
X-Spam-Report: 
	*  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
	*      [score: 0.4999]
	*  0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
	*      provider (mailbox[at]seznam.cz)
	*  0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
	*  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
	*      blocked.  See
	*      http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
	*      for more information.
	*      [URIs: seznam.cz]
	*  0.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4)
	*      [xx.xx.xx.xx listed in wl.mailspike.net]
	*  0.0 HTML_MESSAGE BODY: HTML included in message
	* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	*      author's domain
	*  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
	*       valid
	* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
	*  0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
	*  2.0 RDNS_NONE Delivered to internal network by a host with no rDNS
	*  0.0 TVD_SPACE_RATIO No description available.
Received: from unknown (HELO mxb2.seznam.cz) (xx.xx.xx.xx)
  by server.myserver.eu with ESMTPS; 19 Oct 2020 11:52:28 +0200
Received-SPF: pass (server.myserver.eu: SPF record at seznam.cz designates xx.xx.xx.xx as permitted sender)
Received: from email.seznam.cz
	by email-smtpc18b.ng.seznam.cz (email-smtpc18b.ng.seznam.cz [xx.xx.xx.xx])
	id 0e7bbc76a477fa330edcbaa5;
	Mon, 19 Oct 2020 11:52:27 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seznam.cz; s=beta;
	t=1603101147; bh=HAfhu6+Nvt0Oc5j0JxzvPVuESH3EXktwWoUxJwW68gU=;
	h=Received:From:To:Subject:Date:Message-Id:Mime-Version:X-Mailer:
	 Content-Type;
	b=CmJJyqpBKVubvW5UU6o0ka8Mg8OmNTYjoawWlQq1AMGJc1r3P4w13G8p4agLg302i
	 nD47wwO7pwXomirsvEznDgVNsjozgh1vfX9OgNhtkzVdBsQfgNpgBRThNBZHOhkMqS
	 QtPlP4YnP6me5PJ+rQhFNGFZ5GITTdgzWC7t09To=
Received: from unknown ([::ffff:xx.xx.xx.xx])
	by email.seznam.cz (szn-ebox-5.0.42) with HTTP;
	Mon, 19 Oct 2020 11:52:24 +0200 (CEST)
From: mailbox <mailbox@seznam.cz>
To: <spam@mydomain.cz>
Subject: [SPAM] test
Date: Mon, 19 Oct 2020 11:52:24 +0200 (CEST)
Message-Id: <BEZ.f6zT.hdsghhss.hsdef@seznam.cz>
Mime-Version: 1.0 (szn-mime-2.1.10)
X-Mailer: szn-ebox-5.0.42
Content-Type: multipart/alternative;
	boundary="=_3c8f42b247d8312e413d8319=03305f72-f87d-5c78-b505-19e776d55377_="
X-Spam-Prev-Subject: test
Comment 1 standus 2020-10-19 11:07:59 UTC 
my email server har correct defined rDNS soo other emails are delivered without problems with no spam score.
Comment 2 Bill Cole 2020-10-19 17:27:54 UTC 
This is not likely to be a bug. It is definitely not a bug in how RDNS_NONE is scored. 

It is almost certainly a problem with local configuration of the critical trusted_networks and internal_networks parameters. It is impossible to determine that without knowing the IP which has been removed from the example. 

As this is a configuration error, not a bug, it is an issued better addressed to the SpamAssassin Users mailing list, where other users can advise on how they configure systems that might be similar to yours.
Comment 3 RW 2020-10-19 21:04:33 UTC 
For future reference please mung (modify for privacy) as little as possible and always leave a valid email. SA wont understand xx.xx.xx.xx as an email address and  anyone wanting to test the headers above will have to edit them first. There is no point in munging the server addresses of email service providers.

If I'm following this correctly, you sent a test email from seznam.cz webmail to your mail server, which then passed it though SA and redirected it back to seznam.cz. In that case the redirection is not relevant. The problem is here:

 Received: from unknown (HELO mxb2.seznam.cz) (xx.xx.xx.xx) by server.myserver.eu ...

Your MTA is saying that the rDNS for the seznam.cz outgoing server is unknown, and this will cause RDNS_NONE.

Most likely you just need to turn-on rDNS look-ups in your MTA, SA needs the MTA to do that look-up, or everything gets  RDNS_NONE.

It's impossible to say whether the seznam server has bad rDNS as you munged the IP address.
Comment 4 standus 2020-10-19 21:38:17 UTC 
Received: from unknown (HELO mxb1.seznam.cz) (77.75.78.89) 

I putted IP address at trusted_network as param and restarted SA.
And still have RDNS_NONE.
Comment 5 RW 2020-10-20 14:15:27 UTC 
I already told you the problem is the 'unknown' in the received header. 

Either your MTA is not configured to do rDNS look-ups or there's a DNS problem somewhere. This is nothing to do with SpamAssassin. Changing trusted_networks would have, at best, just hidden the problem.