unexpected outgoing spam classification based on X-Originating-IP

Wolfgang Rosenauer wolfgang.rosenauer at an-netz.de
Sat Aug 18 22:09:12 CEST 2018


Hi,

> Markus Schönhaber <amavis-users at list-post.mks-mail.de> hat am 18. August 2018 um 17:46 geschrieben:
> 
> 
> Wolfgang Rosenauer, Sa 18 Aug 2018 11:49:47 CEST:
> 
> > The IP listed above is the dialup IP used send the mail via the webmailer. It is rightfully listed in PBL because it's "dialup".
> > But it only is listed/used as X-Originating-IP.
> 
> Maybe it helps if you adjust this:
> <http://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html#originating_ip_headers_header_default_x_yahoo_post_ip_x_originating_ip_x_apparently_from_x_senderip>

hmm, sounds like a workaround.
Meanwhile I have found https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6501 which sounds quite similar.
But the reason why it was closed is that there was no indication of being authenticated.

In my case though the received header clearly shows this IMHO:
Received: from null (ox1.an-netz.net [148.251.71.226])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by ds9.rosenauer.org (Postfix) with ESMTPSA id E5D1BA12E2
	for <EMAIL>; Fri, 17 Aug 2018 15:41:44 +0200 (CEST)
X-Originating-IP: 80.187.102.207

So I still think that this should not PBL checked.

 
> OTOH: what's the point in adding an X-Originating-IP header to mails
> sent by authenticated users?

that is probably some point to argue about. Honestly I think it's useful because if a user uses a "normal" MUA the client IP is also exposed via received headers. It also seems to be the case quite many commercial webmail providers.
 
> Oh, BTW: IMO posting HTML to a technical mailing list is a very bad
> idea. But I wasn't aware that there's yet another reason to adhere to
> this opinion:

Indeed. Unfortunately I'm on the road and did/do not have my regular mail client here and forgot to switch to plain text only before I sent the mail. Sorry for that. Typically I take care.

> 
> > Return-Path: <anonymized> 
> [...]
> > The message WILL BE relayed to:
> > <anonymized> mailto:

Yeah, I'm not too concerned about having this exposed but good point.


Thanks,
 Wolfgang


More information about the amavis-users mailing list