[SA-exim] Re: Bug#246715: sa-exim: network checks are failing because headers are incomplete

Marc MERLIN marc at merlins.org
Fri May 7 10:52:52 PDT 2004


On Fri, May 07, 2004 at 06:13:55PM +0200, Sander Smeenk wrote:
> > I *may* get round to looking at this before I go away next Thursday, but
> > I equally well may not. Sorry about that.
> 
> > From what I read about this issue, I concluded that there's no (real)
> chance that legit mail is being rejected. The missing received header
> makes spam score less high, instead of legit mails scoring higher.
 
Not really actually.
If you're missing the last received line, it will for instance show that a
dialup IP is in the last (and only) received line, which looks as if a
dialup IP connected to my MX directly instead of going through a proper
relay.
On my setup, that's a SA score of 4 right there, almost a kiss of death.

header RCVD_IN_DUL		rbleval:check_rbl('dialup', 'dialups.mail-abuse.org.')
describe RCVD_IN_DUL		Received from dialup, see http://www.mail-abuse.org/dul/
score RCVD_IN_DUL		4


header X_RCVD_IN_DUL_FH		rbleval:check_rbl('dialup-firsthop', 'dialups.mail-abuse.org.')
describe X_RCVD_IN_DUL_FH	Received from first hop dialup, see http://www.mail-abuse.org/dul/
score X_RCVD_IN_DUL_FH		-3.5


Then again, not many people may know about this and use it, as I'm the one who
wrote the dialup vs dialup-firsthop code in SpamAssassin :)
(it's properly documented in the conf docs though :)
 
> I noticed this because I am receiving tons of spams in my inbox, 
> since I upgraded exim to 4.30+

Exim 4.30 is fine, it's 4.31 and above that aren't.
(I'm running 4.30 myself)

> Furthermore I have a 'rejectlog' mailed to me every night, and I can't
> see legit mail being rejected (yet). Although I *do* think it's good to
> check on things while you're running exim 4.31 or higher, I don't think
> systems running 4.31+ with sa-exim active will drop legit mail.

They can, depends on your config. Upgrading to 4.31 on mine would really
overscore a lot of otherwise legit mail.

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f at merlins.org for PGP key
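
An added example, not part of the original message and not SpamAssassin's own code: a simplified Python model of the two rules quoted above, scoring the same message with its full Received chain and again with the newest Received line missing. The addresses, host names, dialup list and the single-hop handling of the first-hop rule are constructed assumptions.

```python
import re

# Scores taken from the two rules quoted in the message above.
SCORES = {"RCVD_IN_DUL": 4.0, "X_RCVD_IN_DUL_FH": -3.5}

# Constructed stand-in for the DUL lookup (RFC 5737 documentation address).
DIALUP_LIST = {"192.0.2.45"}

# Constructed sample: a dialup user relaying through the ISP's smarthost.
FULL_HEADERS = """\
Received: from smtp.isp.example ([198.51.100.10])
\tby mx.local.example with esmtp; Fri, 7 May 2004 10:00:05 -0700
Received: from dialup-45.isp.example ([192.0.2.45])
\tby smtp.isp.example with smtp; Fri, 7 May 2004 10:00:01 -0700
From: user@isp.example
Subject: hello
"""

def unfold(headers):
    """Join folded continuation lines and return one string per header."""
    return re.sub(r"\n[ \t]+", " ", headers).splitlines()

def relay_ips(headers):
    """Bracketed IP of each Received header, newest hop first."""
    found = (re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
             for line in unfold(headers)
             if line.lower().startswith("received:"))
    return [m.group(1) for m in found if m]

def drop_newest_received(headers):
    """What the scanner sees when the local MX's Received line is absent."""
    lines = unfold(headers)
    for i, line in enumerate(lines):
        if line.lower().startswith("received:"):
            del lines[i]
            break
    return "\n".join(lines) + "\n"

def dul_hits(headers):
    """Names of the rules that fire under this simplified model."""
    ips = relay_ips(headers)
    hits = ["RCVD_IN_DUL"] if any(ip in DIALUP_LIST for ip in ips) else []
    # Assumption: the first-hop offset needs a later relay after the dialup
    # hop; a lone hop is read as the dialup host connecting to the MX itself.
    if len(ips) > 1 and ips[-1] in DIALUP_LIST:
        hits.append("X_RCVD_IN_DUL_FH")
    return hits

def dul_score(headers):
    return sum(SCORES[name] for name in dul_hits(headers))
```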


