This is a discussion on Header Analysis Problem - SpamAssassin ; ...
Hello,
I am getting these hits with the email below:
AWL,
FH_HELO_ALMOST_IP,
HELO_DYNAMIC_SPLIT_IP,
RCVD_IN_PBL
Problem is in this "Received":
Received: from 80.Red-88-31-96.staticIP.rima-tde.net ([88.31.96.80]) by
owa1.cnio.es with Microsoft SMTPSVC(6.0.3790.3959);
Tue, 17 Jun 2008 17:18:10 +0200
Client in IP address 88.31.96.80 is sending mail using SMTP-Auth to
"owa1.cnio.es", so this header is right.
Problem is that SA is analyzing this "Received" and complaining about it
as it is a dynamic IP address or so.
Any way to solve this problem?
# spamassassin < test
Received: from localhost by flash2.cnio.es
with SpamAssassin (version 3.2.5);
Tue, 17 Jun 2008 18:04:15 +0200
From: john doe
To: Any One
Subject: spam: Re: [Fwd: [Fwd: Delivery Status Notification (Failure)]]
Date: Tue, 17 Jun 2008 17:18:02 +0200
Message-Id: <4857D5AA.6020101@cnio.es>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on flash2.cnio.es
X-Spam-Level: ********
X-Spam-Status: Yes, score=8.0 required=5.0 tests=AWL,FH_HELO_ALMOST_IP,
HELO_DYNAMIC_SPLIT_IP,RCVD_IN_PBL,RDNS_NONE autolearn=no
version=3.2.5
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4857E07F.6924E393"
This is a multi-part message in MIME format.
------------=_4857E07F.6924E393
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
This Email has been identified as spam. The original message has been
attached to this so you can view it (if it isn't spam).
Content analysis details: (8.0 points, 5.0 required)
--------------------
Este Email ha sido identificado como spam. El mensaje original ha sido
adjuntado a esta notificación para su visualización (en caso de que no
sea spam).
Detalles del análisis de contenido: (8.0 points, 5.0 required)
------------=_4857E07F.6924E393
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Received: from owa1.cnio.es (owa1.cnio.es [192.168.10.7])
by flash2.cnio.es (ESMTP Server) with ESMTP
for; Tue, 17 Jun 2008
17:18:15 +0200 (CEST)
Received: from 80.Red-88-31-96.staticIP.rima-tde.net ([88.31.96.80]) by
owa1.cnio.es with Microsoft SMTPSVC(6.0.3790.3959);
Tue, 17 Jun 2008 17:18:10 +0200
Message-ID: <4857D5AA.6020101@cnio.es>
Date: Tue, 17 Jun 2008 17:18:02 +0200
From: john doe
User-Agent: Thunderbird 2.0.0.14 (Macintosh/20080421)
MIME-Version: 1.0
To: Any One
Subject: Re: [Fwd: [Fwd: Delivery Status Notification (Failure)]]
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
some text
------------=_4857E07F.6924E393--
Regards,
Carlos Velasco
mouss wrote:
> Carlos Velasco wrote:
>> Hello,
>>
>> I am getting these hits with the email below:
>>
>> AWL,
>> FH_HELO_ALMOST_IP,
>> HELO_DYNAMIC_SPLIT_IP,
>> RCVD_IN_PBL
>>
>> Problem is in this "Received":
>> Received: from 80.Red-88-31-96.staticIP.rima-tde.net ([88.31.96.80]) by
>> owa1.cnio.es with Microsoft SMTPSVC(6.0.3790.3959);
>> Tue, 17 Jun 2008 17:18:10 +0200
>>
>> Client in IP address 88.31.96.80 is sending mail using SMTP-Auth to
>> "owa1.cnio.es", so this header is right.
>>
>> Problem is that SA is analyzing this "Received" and complaining about it
>> as it is a dynamic IP address or so.
>>
>> Any way to solve this problem?
>
> set internal_networks.
Well, the problem is that users can send from any Internet IP address as
they do SMTP-Auth, so I can't use internal_networks or trusted_networks
or msa_networks.
mouss wrote:
> Carlos Velasco wrote:
>> mouss wrote:
>>> Carlos Velasco wrote:
>>>> Hello,
>>>>
>>>> I am getting these hits with the email below:
>>>>
>>>> AWL,
>>>> FH_HELO_ALMOST_IP,
>>>> HELO_DYNAMIC_SPLIT_IP,
>>>> RCVD_IN_PBL
>>>>
>>>> Problem is in this "Received":
>>>> Received: from 80.Red-88-31-96.staticIP.rima-tde.net ([88.31.96.80])by
>>>> owa1.cnio.es with Microsoft SMTPSVC(6.0.3790.3959);
>>>> Tue, 17 Jun 2008 17:18:10 +0200
>>>>
>>>> Client in IP address 88.31.96.80 is sending mail using SMTP-Auth to
>>>> "owa1.cnio.es", so this header is right.
>>>>
>>>> Problem is that SA is analyzing this "Received" and complaining
>>>> about it
>>>> as it is a dynamic IP address or so.
>>>>
>>>> Any way to solve this problem?
>>> set internal_networks.
>> Well, the problem is that users can send from any Internet IP address
>> as they do SMTP-Auth, so I can't use internal_networks or
>> trusted_networks or msa_networks.
>>
> put the IP of owa1.cnio.es in internal_networks.
It doesn't work. I think internal_networks matches the "from" IP
address, not the "by". In debug, relay 192.168.10.7 is matched as
internal, but relay 88.31.96.80 is not.
[30937] dbg: received-header: parsed as [ ip=192.168.10.7
rdns=owa1.cnio.es helo=owa1.cnio.es by=flash2.cnio.es ident= envfrom=
intl=0 id= auth= msa=0 ]
[30937] dbg: received-header: relay 192.168.10.7 trusted? yes internal?
yes msa? no
[30937] dbg: received-header: parsed as [ ip=88.31.96.80 rdns=
helo=80.Red-88-31-96.staticIP.rima-tde.net by=owa1.cnio.es ident=
envfrom= intl=0 id= auth= msa=0 ]
[30937] dbg: received-header: relay 88.31.96.80 trusted? no internal? no
msa? no
[30937] dbg: metadata: X-Spam-Relays-Trusted: [ ip=192.168.10.7
rdns=owa1.cnio.es helo=owa1.cnio.es by=flash2.cnio.es ident= envfrom=
intl=1 id= auth= msa=0 ]
[30937] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=88.31.96.80 rdns=
helo=80.Red-88-31-96.staticIP.rima-tde.net by=owa1.cnio.es ident=
envfrom= intl=0 id= auth= msa=0 ]
[30937] dbg: metadata: X-Spam-Relays-Internal: [ ip=192.168.10.7
rdns=owa1.cnio.es helo=owa1.cnio.es by=flash2.cnio.es ident= envfrom=
intl=1 id= auth= msa=0 ]
[30937] dbg: metadata: X-Spam-Relays-External: [ ip=88.31.96.80 rdns=
helo=80.Red-88-31-96.staticIP.rima-tde.net by=owa1.cnio.es ident=
envfrom= intl=0 id= auth= msa=0 ]
On 17.06.08 18:15, Carlos Velasco wrote:
> I am getting these hits with the email below:
>
> AWL,
> FH_HELO_ALMOST_IP,
> HELO_DYNAMIC_SPLIT_IP,
> RCVD_IN_PBL
>
> Problem is in this "Received":
> Received: from 80.Red-88-31-96.staticIP.rima-tde.net ([88.31.96.80]) by
> owa1.cnio.es with Microsoft SMTPSVC(6.0.3790.3959);
> Tue, 17 Jun 2008 17:18:10 +0200
>
> Client in IP address 88.31.96.80 is sending mail using SMTP-Auth to
> "owa1.cnio.es", so this header is right.
However the headers do not contain any information about using SMTP auth,
so the SA does not know about it.
Adding the IP of your msa_networks would help, but you must not do it if the
server also acts as MX...
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
The 3 biggest disasters: Hiroshima 45, Tschernobyl 86, Windows 95
Matus UHLAR - fantomas wrote:
> However the headers do not contain any information about using SMTP auth,
> so the SA does not know about it.
Yes, that's the problem. "owa1.cnio.es" is an MS Exchange, I don't know
how to make it put authentication information in the headers.
I searched for Exchange and rfc3848 but had no luck.
> adding the IP of your msa_networks would help, but you must not do it if the
> server also acts as MX...
I can't as the users can send from any Internet IP address
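The point discussed in this thread, that the Exchange-written "Received" line carries no trace of SMTP authentication, can be checked against the RFC 3848 "with" keywords. This is an added example, not part of any post and not SpamAssassin's own parser; the second header and its hostnames are constructed for comparison.

```python
import re

# RFC 3848 "with" keywords that record a successful SMTP AUTH (trailing "A").
AUTH_KEYWORDS = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}

def parse_received(value):
    """Split one Received header value into relay fields plus an auth marker."""
    flat = " ".join(value.split())  # unfold continuation lines
    hop = re.search(r"from (\S+) \((?:(\S+) )?\[([0-9A-Fa-f.:]+)\]\)", flat)
    by = re.search(r" by (\S+)", flat)
    via = re.search(r" with (.+?)(?= id\b| for\b|;|$)", flat)
    if not (hop and by):
        raise ValueError("unrecognised Received format: " + flat)
    proto = via.group(1).strip() if via else ""
    keyword = proto.split()[0].upper() if proto else ""
    return {
        "helo": hop.group(1),
        "rdns": hop.group(2) or "",   # empty when only [ip] is recorded
        "ip": hop.group(3),
        "by": by.group(1),
        "with": proto,
        "auth": keyword if keyword in AUTH_KEYWORDS else "",
    }

# Header from the thread: written by Exchange (Microsoft SMTPSVC).
EXCHANGE_HOP = """from 80.Red-88-31-96.staticIP.rima-tde.net ([88.31.96.80]) by
 owa1.cnio.es with Microsoft SMTPSVC(6.0.3790.3959);
 Tue, 17 Jun 2008 17:18:10 +0200"""

# Constructed header: what a submission server following RFC 3848 would record.
RFC3848_HOP = """from laptop.example.net (laptop.example.net [203.0.113.9])
 by mail.example.org (Postfix) with ESMTPSA id 4F2A1C0D;
 Tue, 17 Jun 2008 17:18:10 +0200"""

if __name__ == "__main__":
    for name, raw in (("exchange", EXCHANGE_HOP), ("rfc3848", RFC3848_HOP)):
        fields = parse_received(raw)
        print(name, fields["ip"], "with=" + repr(fields["with"]),
              "auth=" + repr(fields["auth"]))
```

The empty auth value for the Exchange hop corresponds to the blank `auth=` field in the debug output quoted earlier in the thread.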