[opensuse] Hey! spamassassin says I'm a spammer!
Yep, in two dozens of emails sent to this list, I'm classified as spammer. It happens with the copy that my postfix sends to gmail, with authentication, and which fetchmail gets back from gmail. It is not the copy sent back by opensuse mail server:

pts  rule name              description
---- ---------------------- --------------------------------------------------
 0.9 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [88.11.168.6 listed in zen.spamhaus.org]
 1.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [88.11.168.6 listed in dnsbl.sorbs.net]
 1.1 DNS_FROM_OPENWHOIS     RBL: Envelope sender listed in bl.open-whois.org.
 4.1 FH_HOST_EQ_DYNAMICIP   Host is dynamicip
 1.6 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.4686]
 0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
                            dynamic-looking rDNS
-2.6 AWL                    AWL: From: address is in the auto white-list

These are the relevant headers - I think:

Received: from gmail-imap.l.google.com [74.125.79.109]
    by nimrodel.valinor with IMAP (fetchmail-6.3.11 polling imap.gmail.com account robin....@gmail.com)
    for <cer@localhost> (single-drop); Thu, 16 Sep 2010 18:53:30 +0200 (CEST)
Received: from Elessar.valinor (6.Red-88-11-168.dynamicIP.rima-tde.net [88.11.168.6])
    by mx.google.com with ESMTPS id k7sm2428472wej.2.2010.09.11.05.20.35
    (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 11 Sep 2010 05:20:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
    by Elessar.valinor (Postfix) with ESMTP id BD4DC65166
    for <opensuse@opensuse.org>; Sat, 11 Sep 2010 14:20:33 +0200 (CEST)
X-Virus-Scanned: amavisd-new at valinor
Received: from Elessar.valinor ([127.0.0.1])
    by localhost (Elessar.valinor [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9uFAp21AW5Wl
    for <opensuse@opensuse.org>; Sat, 11 Sep 2010 14:20:33 +0200 (CEST)
Received: from [IPv6:::1] (localhost [IPv6:::1])
    by Elessar.valinor (Postfix) with ESMTP id 63A2765153
    for <opensuse@opensuse.org>; Sat, 11 Sep 2010 14:20:33 +0200 (CEST)

What should I do?
For the moment, I have whitelisted myself (in .spamassassin/user_prefs). -- Cheers, Carlos E. R.
On 9/16/2010 12:30 PM, Carlos E. R. wrote:
 1.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [88.11.168.6 listed in dnsbl.sorbs.net]
 1.1 DNS_FROM_OPENWHOIS     RBL: Envelope sender listed in bl.open-whois.org.
 4.1 FH_HOST_EQ_DYNAMICIP   Host is dynamicip
 1.6 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.4686]
 0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
                            dynamic-looking rDNS
Route your list mail thru something with a static IP helps. I used to have a lot of that problem running my own mail server on a dynamic. Got a static, and problem disappeared. That and your PGP sig fails validation half the time... (not likely part of this problem but it happens a lot for your sig for some reason.) -- _____________________________________ At one time I had a Real Sig. Its been downsized.
On Thursday, 2010-09-16 at 12:41 -0700, John Andersen wrote:
Route your list mail thru something with a static IP helps.
I can't.
I used to have a lot of that problem running my own mail server on a dynamic. Got a static, and problem disappeared.
But I'm not running my own mail server. I'm just sending my email like everybody. I send the email to the ISP, i.e., gmail (ok, not an ISP), they ask for my password, sent.
That and your PGP sig fails validation half the time... (not likely part of this problem but it happens a lot for your sig for some reason.)
That must be a bug in thunderbird or something. -- Cheers, Carlos E. R.
Carlos E. R. wrote:
On Thursday, 2010-09-16 at 12:41 -0700, John Andersen wrote:
Route your list mail thru something with a static IP helps.
I can't.
I used to have a lot of that problem running my own mail server on a dynamic. Got a static, and problem disappeared.
But I'm not running my own mail server. I'm just sending my email like every body. I send the email to the ISP, ie, gmail (ok, not an isp), they ask for my password, sent.
It looks like you send your email to "Elessar.valinor" and they send it to gmail. They are using a dynamic IP for their mail server?

Received: from Elessar.valinor (6.Red-88-11-168.dynamicIP.rima-tde.net [88.11.168.6])
    by mx.google.com with ESMTPS id k7sm2428472wej.2.2010.09.11.05.20.35
    (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 11 Sep 2010 05:20:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
    by Elessar.valinor (Postfix)

If you sent your mail directly from your mail client instead of via the "Elessar.valinor" mail server, you wouldn't have a dynamic IP listed. Cheers, Dave
On Thu, 2010-09-16 at 21:30 +0200, Carlos E. R. wrote:
Yep, in two dozens of emails sent to this list, I'm classified as spammer.
It happens with the copy that my postfix sends to gmail, with authentication, and which fetchmail gets back from gmail. It is not the copy sent back by opensuse mail server:
pts  rule name              description
---- ---------------------- --------------------------------------------------
 0.9 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [88.11.168.6 listed in zen.spamhaus.org]
 1.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [88.11.168.6 listed in dnsbl.sorbs.net]
 1.1 DNS_FROM_OPENWHOIS     RBL: Envelope sender listed in bl.open-whois.org.
 4.1 FH_HOST_EQ_DYNAMICIP   Host is dynamicip
 1.6 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.4686]
 0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
                            dynamic-looking rDNS
-2.6 AWL                    AWL: From: address is in the auto white-list
These are the relevant headers - I think:
Received: from gmail-imap.l.google.com [74.125.79.109]
    by nimrodel.valinor with IMAP (fetchmail-6.3.11 polling imap.gmail.com account robin....@gmail.com)
    for <cer@localhost> (single-drop); Thu, 16 Sep 2010 18:53:30 +0200 (CEST)
Received: from Elessar.valinor (6.Red-88-11-168.dynamicIP.rima-tde.net [88.11.168.6])
    by mx.google.com with ESMTPS id k7sm2428472wej.2.2010.09.11.05.20.35
    (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 11 Sep 2010 05:20:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
    by Elessar.valinor (Postfix) with ESMTP id BD4DC65166
    for <opensuse@opensuse.org>; Sat, 11 Sep 2010 14:20:33 +0200 (CEST)
X-Virus-Scanned: amavisd-new at valinor
Received: from Elessar.valinor ([127.0.0.1])
    by localhost (Elessar.valinor [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9uFAp21AW5Wl
    for <opensuse@opensuse.org>; Sat, 11 Sep 2010 14:20:33 +0200 (CEST)
Received: from [IPv6:::1] (localhost [IPv6:::1])
    by Elessar.valinor (Postfix) with ESMTP id 63A2765153
    for <opensuse@opensuse.org>; Sat, 11 Sep 2010 14:20:33 +0200 (CEST)
What should I do?
For the moment, I have whitelisted myself (in .spamassassin/user_prefs).
-- Cheers, Carlos E. R.
Has the cyber-squatting of openwhois been resolved?
Mike McMullin wrote:
Has the cyber-squatting of openwhois been resolved?
In a way - https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6157 I'm pretty certain an update was pushed out for this. -- Per Jessen, Zürich (11.9°C)
On 2010-09-17 08:19, Per Jessen wrote:
Mike McMullin wrote:
Has the cyber-squatting of openwhois been resolved?
Good point!
In a way - https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6157
I'm pretty certain an update was pushed out for this.
I reported this months ago, now that I remember. This computer had 11.0, I patched those rules myself, but I upgraded to 11.2 and those patches must have been nullified. I have to check again to see if there is an optional upgrade to SA. However, the share of the lion is this:
4.1 FH_HOST_EQ_DYNAMICIP Host is dynamicip
Obviously, I am on a dynamic IP, so what? I'm not sending directly. I am indeed using postfix, but I am sending as an authenticated user of gmail, same as if sending from Thunderbird or any other client. The rule is confusing this. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Minas Tirith))
Carlos E. R. wrote:
Obviously, I am on a dynamic IP, so what? I'm not sending directly. I am indeed using postfix, but I am sending as an authenticated user of gmail, same as if sending from Thunderbird or any other client.
I think that's the point, isn't it? Thunderbird or other client doesn't include a step in the message. The first host receiving the message has a static IP and is potentially a well-known ISP's SMTP server. The first host receiving your message is an unknown host with dynamic IP. Which could well be a common case for spammers.
The rule is confusing this.
Depends what fraction of spam matches that criterion. Can you cause postfix not to record its presence? Cheers, Dave
[re-sent] On 2010-09-17 18:13, Dave Howorth wrote:
Carlos E. R. wrote:
Obviously, I am on a dynamic IP, so what? I'm not sending directly. I am indeed using postfix, but I am sending as an authenticated user of gmail, same as if sending from Thunderbird or any other client.
I think that's the point, isn't it? Thunderbird or other client doesn't include a step in the message. The first host receiving the message has a static IP and is potentially a well-known ISP's SMTP server. The first host receiving your message is an unknown host with dynamic IP. Which could well be a common case for spammers.
The rule is confusing this.
Depends what fraction of spam matches that criterion.
Unfortunately, SA does not record which "received" line triggers which rule.
Can you cause postfix not to record its presence?
But I want it to record its presence (and I wouldn't know how to change that). It helps me track issues, when they happen. I would rather have a setting to spamassassin that my postfix is one of the "good guys". I'm going to send this email via another ISP, and see what happens with SA later. The problem is that this one fails about 20-30% of times. ... And it failed. Sending again... -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Minas Tirith))
Carlos E. R. wrote:
Unfortunately, SA does not record which "received" line triggers which rule.
If you run the email through spamassassin with -D it will tell you.
I would rather have a setting to spamassassin that my postfix is one of the "good guys".
In _your_ SA or in general? -- Per Jessen, Zürich (13.6°C)
On 2010-09-17 20:24, Per Jessen wrote:
Carlos E. R. wrote:
Unfortunately, SA does not record which "received" line triggers which rule.
If you run the email through spamassassin with -D it will tell you.
A second run of the particular email via SA?
I would rather have a setting to spamassassin that my postfix is one of the "good guys".
In _your_ SA or in general?
In mine. I'm thinking. Those particular emails are not the ones actually sent. I'll try to explain.

Th -> postfix -> gmail +--> suse -> list server
                       |
                       \ -> [sent folder] --> gmail imap -> back to me

It is the copy sent to the "sent folder" which is having the problem, not the one that I get from the list. It may have actually different headers, somewhat. I have to check. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Minas Tirith))
Carlos E. R. wrote:
On 2010-09-17 20:24, Per Jessen wrote:
Carlos E. R. wrote:
Unfortunately, SA does not record which "received" line triggers which rule.
If you run the email through spamassassin with -D it will tell you.
A second run of the particular email via SA?
No, you just take the email, remove whatever the first run through SA added, then run it with "spamassassin -D -t -x --siteconfigpath=<whatever> <email" (from memory, might not be 100% correct).
I would rather have a setting to spamassassin that my postfix is one of the "good guys".
In _your_ SA or in general?
In mine.
Okay, then you can add the googlemail servers as trusted hosts.
I'm thinking.
Careful. :-)
Those particular emails are not the ones actually sent. I'll try to explain.
Th -> postfix -> gmail +--> suse -> list server
                       |
                       \ -> [sent folder] --> gmail imap -> back to me
Plus you get a copy from the list server, right? The Sent folder is irrelevant.
It is the copy sent to the "sent folder" which is having the problem, not the one that I get from the list.
In which case it is more likely Google inbound scanning (= Postini) that's doing it. -- Per Jessen, Zürich (13.4°C)
Carlos E. R. wrote:
On 2010-09-17 08:19, Per Jessen wrote:
Mike McMullin wrote:
Has the cyber-squatting of openwhois been resolved?
Good point!
In a way - https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6157
I'm pretty certain an update was pushed out for this.
I reported this months ago, now that I remember. This computer had 11.0, I patched those rules myself, but I upgraded to 11.2 and those patches must have been nullified. I have to check again to see if there is an optional upgrade to SA.
Just check the rules-upgrade. (sa-update).
However, the share of the lion is this:
4.1 FH_HOST_EQ_DYNAMICIP Host is dynamicip
Obviously, I am on a dynamic IP, so what? I'm not sending directly.
Doesn't matter - if you have not instructed your local SA installation to treat googlemail as a trusted source, SA will look at your address too.
I am indeed using postfix, but I am sending as an authenticated user of gmail, same as if sending from Thunderbird or any other client. The rule is confusing this.
Being an authenticated user of gmail does not mean "I don't send spam" :-) -- Per Jessen, Zürich (14.6°C)
On 2010-09-17 19:02, Per Jessen wrote:
Carlos E. R. wrote:
I'm pretty certain an update was pushed out for this.
I reported this months ago, now that I remember. This computer had 11.0, I patched those rules myself, but I upgraded to 11.2 and those patches must have been nullified. I have to check again to see if there is an optional upgrade to SA.
Just check the rules-upgrade. (sa-update).
Huh? I have never used that, I rely on official suse updates solely.
However, the share of the lion is this:
4.1 FH_HOST_EQ_DYNAMICIP Host is dynamicip
Obviously, I am on a dynamic IP, so what? I'm not sending directly.
Doesn't matter - if you have not instructed your local SA installation to treat googlemail as a trusted source, SA will look at your address too.
How / where can I tell spamassassin to treat Elessar.valinor or whatever host I use as a reliable source, even if it is a dynamic IP? But that's not the only problem, obviously: it would only solve my local problem. People getting email from me, via gmail, may get my email filtered as spam. The rule is triggering mistakenly.
I am indeed using postfix, but I am sending as an authenticated user of gmail, same as if sending from Thunderbird or any other client. The rule is confusing this.
Being an authenticated user of gmail does not mean "I don't send spam" :-)
That's true, but it means that there is no point in checking if the sender is using a dynamic IP. Many gmail users will have that. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Minas Tirith))
Carlos E. R. wrote:
On 2010-09-17 19:02, Per Jessen wrote:
Carlos E. R. wrote:
I'm pretty certain an update was pushed out for this.
I reported this months ago, now that I remember. This computer had 11.0, I patched those rules myself, but I upgraded to 11.2 and those patches must have been nullified. I have to check again to see if there is an optional upgrade to SA.
Just check the rules-upgrade. (sa-update).
Huh? I have never used that, I rely on official suse updates solely.
It's a reasonably sensible way to separate the code and the data for SA. The data = the rules - by running sa-update, you get rule updates when and as available.
Doesn't matter - if you have not instructed your local SA installation to treat googlemail as a trusted source, SA will look at your address too.
How / where can I tell spamassassin to treat Elessar.valinor or whatever host I use as a reliable source, even if it is a dynamic IP?
I think it's a config option called "trusted_hosts" or "trusted_networks".
But that's not the only problem, obviously: it would only solve my local problem. People getting email from me, via gmail, may get my email filtered as spam. The rule is triggering mistakenly.
Yeah, I think so too - the 4 points just because it's coming from a "dynamicIP" host is a little too much. Try sending me an email directly - per@jessen.ch - I have spamassassin running. I'd like to see what your mails look like here. -- Per Jessen, Zürich (13.3°C)
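Added example, not part of any message in the thread: a small Python sketch that walks the Received chain quoted above and reports which hop an IP-reputation rule ends up judging once loopback and retrieval hops are set aside. It is a simplified model of the trust-boundary idea behind SpamAssassin's trusted_networks option, not SpamAssassin's own parser; the function names and the "dynamic-looking" pattern are constructed for illustration.

```python
import ipaddress
import re

# Received headers exactly as quoted in the thread, one per line (newest first).
RAW = """\
Received: from gmail-imap.l.google.com [74.125.79.109] by nimrodel.valinor with IMAP (fetchmail-6.3.11 polling imap.gmail.com account robin....@gmail.com) for <cer@localhost> (single-drop); Thu, 16 Sep 2010 18:53:30 +0200 (CEST)
Received: from Elessar.valinor (6.Red-88-11-168.dynamicIP.rima-tde.net [88.11.168.6]) by mx.google.com with ESMTPS id k7sm2428472wej.2.2010.09.11.05.20.35 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 11 Sep 2010 05:20:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by Elessar.valinor (Postfix) with ESMTP id BD4DC65166 for <opensuse@opensuse.org>; Sat, 11 Sep 2010 14:20:33 +0200 (CEST)
Received: from Elessar.valinor ([127.0.0.1]) by localhost (Elessar.valinor [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9uFAp21AW5Wl for <opensuse@opensuse.org>; Sat, 11 Sep 2010 14:20:33 +0200 (CEST)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by Elessar.valinor (Postfix) with ESMTP id 63A2765153 for <opensuse@opensuse.org>; Sat, 11 Sep 2010 14:20:33 +0200 (CEST)
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
RDNS_RE = re.compile(r"\((\S+) \[")
# Constructed heuristic for "dynamic-looking" rDNS; not the pattern SpamAssassin uses.
DYN_RE = re.compile(r"dynamic|dhcp|dsl|pool", re.I)


def parse_hops(raw):
    """Return one dict per Received header: connecting IP, its rDNS, receiving host."""
    hops = []
    for line in raw.splitlines():
        if not line.startswith("Received: from "):
            continue
        from_part, _, by_part = line[len("Received: "):].partition(" by ")
        ip = IP_RE.search(from_part)
        rdns = RDNS_RE.search(from_part)
        hops.append({
            "ip": ip.group(1) if ip else None,
            "rdns": rdns.group(1) if rdns else None,
            "by": by_part.split()[0],
            "fetchmail": "fetchmail" in by_part,
        })
    return hops


def last_external(hops, trusted):
    """First hop, newest first, that is a real relay outside the trusted networks."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    for hop in hops:
        if hop["fetchmail"] or hop["ip"] is None:
            continue  # mailbox retrieval step, not an SMTP relay
        addr = ipaddress.ip_address(hop["ip"])
        if any(addr.version == n.version and addr in n for n in nets):
            continue  # trusted relay: its address is not scored
        return hop
    return None


def looks_dynamic(hop):
    """True when the hop's reverse-DNS name matches the constructed pattern."""
    return bool(hop and hop["rdns"] and DYN_RE.search(hop["rdns"]))
```

With only loopback trusted, the hop that remains is the one `mx.google.com` recorded from 88.11.168.6, which is the address the RBL lines in the report name; once that address is inside the trusted set, no external relay is left to score.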
On Fri, 2010-09-17 at 08:19 +0200, Per Jessen wrote:
Mike McMullin wrote:
Has the cyber-squatting of openwhois been resolved?
In a way - https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6157
I'm pretty certain an update was pushed out for this.
That would be nice; this address was being blocked on another list based mainly on openwhois. I'll retry that list and see what happens.