{SPAM?} Plurals

Giampaolo Tomassoni giampaolo at tomassoni.biz
Tue Mar 8 10:31:45 CET 2011


From: "kfx" <manuel.bertrand at gmail.com>
> On 3/8/11 9:09 AM, Giampaolo Tomassoni wrote:
>>> Received: from famiglio 
>>> (host112-207-dynamic.8-79-r.retail.telecomitalia.it
>>>  [79.8.207.112]) (Authenticated sender: *******)
>>>  by c0.edlui.it (Postfix) with ESMTPA id 2AF86472390
>>>  for <amavis-users at amavis.org>; Mon,  7 Mar 2011 17:51:33 +0100 (CET)
>>
>>> this adds to the score !
>>
>> What? Why?!? Which SA rule does it trigger?
> RDNS_DYNAMIC on SA 3.2.5
>
> The default score is very low and I raised it, so no worry :)

Mmmh. You sure it is that Received: which raises the RDNS_DYNAMIC?

http://wiki.apache.org/spamassassin/Rules/RDNS_DYNAMIC

The "last untrusted relay" is not the last in the Received: list, but 
instead the first in the list outside of the "ring of trust" you defined in 
SA (internal_networks, trusted_networks, possibly even msa_networks).

Here I guess you trusted de.postfix.org, so the problem may be this:

Received: from c0.edlui.it (host242-201-149-62.serverdedicati.aruba.it
        [62.149.201.242]) by de.postfix.org (Postfix) with ESMTP
        for <amavis-users at amavis.org>; Mon,  7 Mar 2011 17:22:10 +0100 (CET)

Unfortunately:

    1) 62.149.201.242 is static;
    2) I can't change its rDNS to make it match c0.edlui.it.


>> Running it on my SA I get some score from STOX_REPLY_TYPE and 
>> STOX_REPLY_TYPE_WITHOUT_QUOTES, because I was so silly to reply to an 
>> announcement message in the new list and there rewrite the message from 
>> scratch...
>>
>> But that accounts for more or less 2.2 points (SA 3.3.1 with updated 
>> ruleset)..
>>
>>
>>> maybe the postfix at c0.edlui.it should remove this header (mainly for 
>>> privacy reason,
>>> not only to make me continue to be lazy with my SA's config..)
>>> /^Received:.*Authenticated sender:.*/                           IGNORE
>>
>> There is no privacy concern in this:
> It may not be dramatic but this Received header gives the IP address of 
> the user and so his location when he sent this email (my boss asked me to 
> take it away...)

Well, right. But this is also very useful information for detecting a 
spam source and not being tied to it. If you report a spam to SpamCop, for 
example, and you have an account there which gives a bit of trust to your 
mail server, the Received: you pointed out is the one SC uses to spot (and 
possibly blacklist) the source. Otherwise, the source would instead be your 
mail server, which is far worse!


> Received: from famiglio 
> (host112-207-dynamic.8-79-r.retail.telecomitalia.it
> [79.8.207.112]) (Authenticated sender: *****)
> by c0.edlui.it (Postfix) with ESMTPA id 729A23A9162
> for<amavis-users at amavis.org>; Tue,  8 Mar 2011 09:09:22 +0100 (CET)
>
>
> But as Benny Pedersen said, if it breaks dkim it may not be a good idea.
> I really need to revamp my conf... :)

Also, I recall that someone in the SA user list (or users list? ;) ) was 
firmly suggesting to upgrade existing 3.2.x installations to 3.3.x. Can't 
remember why, sorry.

Giampaolo 
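
The trust-boundary walk described in the message above, as a simplified added example; it is not part of the original post and is not SpamAssassin's own code. The top hop (mx.example.net receiving from 192.0.2.25 as de.postfix.org) and the function names are constructed assumptions; the other two hops are the headers quoted in the thread.

```python
import ipaddress
import re

# Received headers, newest first. Hop 1 is constructed (de.postfix.org's real
# address is not given in the thread); hops 2 and 3 are quoted from the thread.
RECEIVED = [
    "from de.postfix.org (de.postfix.org [192.0.2.25]) "
    "by mx.example.net (Postfix) with ESMTP",
    "from c0.edlui.it (host242-201-149-62.serverdedicati.aruba.it "
    "[62.149.201.242]) by de.postfix.org (Postfix) with ESMTP",
    "from famiglio (host112-207-dynamic.8-79-r.retail.telecomitalia.it "
    "[79.8.207.112]) (Authenticated sender: *******) "
    "by c0.edlui.it (Postfix) with ESMTPA",
]

# Postfix-style "from HELO (rdns [ip])" clause.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9.]+)\]\)")


def parse_hop(header):
    """Return helo, rDNS and IP of the relay that handed the mail over."""
    m = HOP.search(header)
    if m is None:
        return None
    return {"helo": m["helo"], "rdns": m["rdns"],
            "ip": ipaddress.ip_address(m["ip"])}


def last_untrusted_relay(headers, trusted_networks):
    """Walk newest to oldest; the first relay outside the trusted set is the
    one that rules about the "last untrusted relay" are evaluated against."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    for header in headers:
        hop = parse_hop(header)
        if hop is None:
            # Choice made for this example: trust is not extended past a
            # header that cannot be parsed.
            return None
        if not any(hop["ip"] in net for net in nets):
            return hop
    return None  # every hop was inside the ring of trust


if __name__ == "__main__":
    for trusted in (["192.0.2.25/32"], ["192.0.2.25/32", "62.149.201.242/32"]):
        hop = last_untrusted_relay(RECEIVED, trusted)
        print(trusted, "->", hop["ip"], hop["rdns"])
```

With only de.postfix.org trusted, the boundary lands on 62.149.201.242; the telecomitalia.it address becomes the last untrusted relay only once c0.edlui.it is trusted as well.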