-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2006-07-13 at 02:37 +0200, Sandy Drobic wrote:
That can't be completely true: I'm using fetchmail and my spamassassin is using some rbl tests and catching spam that way. Look at a report (edited to avoid false triggers - I hope):
The problem with those RBL tests is always which hop in the received lines they use to look up.
True enough. In the case I quoted, it used the return address (not the from header).
Often they use the wrong one. Some people have complained that they were rejected because the received lines had a dynamic ip from the time when the user submitted the mail with smtp auth, and in the end they were forced to delete the received lines from the mails to get through.
SpamAssassin is pretty clever, but I also have doubts.
You could probably better write a little script to check the received lines, since you know which lines are from your server and then evaluate the correct line.
I think there is some configuration somewhere to tell SA, but I'm not clear on this.
The use of RBLs in Postfix though can only happen if you accept mails directly.
Makes sense. It takes place during the negotiation, not parsing the headers.
1.0 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [169.207.88.67 listed in combined.njabl.org]
Now, the question is which hop this ip was. (^-^)
It matches the "Return-Path" header in the email, which (at least in my system) is also the envelope from. But it also matches the first received header in the chain, that happens also to be the one before my provider. Mmm... it could be using any of both sources.
Notice also that I have downgraded some scores, like the one for dynamic addresses: after all, I use one myself.
Especially the sorbs dul list has stirred up some bad feedback due to their policy.
I can understand that.
It has correct reverse DNS, can't be dynamic. But dnsbl.sorbs.net says it is.
sorbs doesn't care about reverse DNS records, they list blocks as dynamic that they figured are dynamic or which at some time have been reported as dynamic. If the use of that ip block has changed in the meantime it's just your bad luck. :-(
Right. I just chanced to pick a spam email where that happened. So, that score should not be trusted. I was right to downgrade it to 1.0 points instead of the default. Now I know that it is even less to be trusted that I thought, or for different reasons. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEtZyytTMYHG2NR9URAm25AJ9a0sd4CR+ejO9yzG0I/VOYB923cwCgh3O5 l2mQCYt5vkf/+qGpTJKEL/o= =0Shg -----END PGP SIGNATURE----- -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com