[<<] [<] Page 1 of 1 [>] [>>] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Subject:
Mailing list issues
From: Jason Kingan ####@####.#### Date: 20 Apr 2005 17:37:23 +0100 Message-Id: <903443230517615c63d6f33e26f64482@censoft.com> Everyone: I've found the root cause of the problem with Greg and I both being "removed." Apparently Spam Assassin, beginning late on the 18th started blocking messages due to the mail server at linuxhacker.org being hosted on a dynamic IP and DHCP-assigned machine (is it?) The SA headers from a sample rejected mail: pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 NO_REAL_NAME From: does not include a real name 4.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr 1) 1.2 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP) 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5000] 0.1 MSGID_FROM_MTA_HEADER Message-Id was added by a relay Alex - is this correct that linuxhacker is hosted on a dynamic IP? This could be causing many, many people to miss emails from the list and not even realize it - especially if their ISP is doing their filtering for them. This is happening on a bone-stock 3.0.2 version of SA. I'm having the linuxhacker.org domain whitelisted for now, but we probably need to get to the root of the problem so others can benefit. Jason Kingan | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Subject:
Re: [nanogui] Mailing list issues
From: Alex Holden ####@####.#### Date: 20 Apr 2005 17:52:20 +0100 Message-Id: <426688AC.9080904@linuxhacker.org> Jason Kingan wrote: > I've found the root cause of the problem with Greg and I both being > "removed." Apparently Spam Assassin, beginning late on the 18th started I did say to Greg earlier this afternoon that he hadn't been unsubscribed. > blocking messages due to the mail server at linuxhacker.org being hosted > on a dynamic IP and DHCP-assigned machine (is it?) The SA headers from a Nope. I have a block of static IPs. > 4.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP > addr 1) The HELO is set to "dsl-62-3-116-153.zen.co.uk" which is correct because it matches the default reverse lookup for the IP address (I've never had a good reason to change it from the default). It sounds like the Spamassassin developers have been a bit overzealous in deciding that certain hostnames are more likely to be spam sources than others. I'll get my ISP to change the reverse lookup to a name of my own choosing; that should hopefully work around this dodgy rule. -- ------------ Alex Holden - http://www.alexholden.net/ ------------ If it doesn't work, you're not hitting it with a big enough hammer | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Subject:
Re: [nanogui] Mailing list issues
From: Darran Rimron ####@####.#### Date: 20 Apr 2005 18:00:58 +0100 Message-Id: <42668AB4.8010106@xalior.com> Alex Holden wrote: >> 4.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname >> (IP addr 1) > > > The HELO is set to "dsl-62-3-116-153.zen.co.uk" which is correct > because it matches the default reverse lookup for the IP address (I've > never had a good reason to change it from the default). It sounds like > the Spamassassin developers have been a bit overzealous in deciding > that certain hostnames are more likely to be spam sources than others. > I'll get my ISP to change the reverse lookup to a name of my own > choosing; that should hopefully work around this dodgy rule. > I don't think it's going to be that easy. SpamAssassin is being arsy as your IP is probably in a block of, what used to be called, DialUP pools. It's considered that any SMTP server running on said IP pool is probably a spammer, hence the high rating. I /really/ can't recall who maintains this list right now - I tried to get my old DSL removed from it, and it was a waste of time, at that time, they weren't interested.... -D | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Subject:
Re: [nanogui] Mailing list issues
From: Jason Kingan ####@####.#### Date: 20 Apr 2005 18:04:19 +0100 Message-Id: <9c73f24e77042b78546bad0b344a8a87@censoft.com> On Apr 20, 2005, at 10:51 AM, Alex Holden wrote: > Jason Kingan wrote: >> I've found the root cause of the problem with Greg and I both being >> "removed." Apparently Spam Assassin, beginning late on the 18th >> started > > I did say to Greg earlier this afternoon that he hadn't been > unsubscribed. Unfortunately, he probably didn't see that message either. Everything from linuxhacker.org was being dumped as spam. >> blocking messages due to the mail server at linuxhacker.org being >> hosted on a dynamic IP and DHCP-assigned machine (is it?) The SA >> headers from a > > Nope. I have a block of static IPs. Good. >> 4.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname >> (IP addr 1) > > The HELO is set to "dsl-62-3-116-153.zen.co.uk" which is correct > because it matches the default reverse lookup for the IP address (I've > never had a good reason to change it from the default). It sounds like > the Spamassassin developers have been a bit overzealous in deciding > that certain hostnames are more likely to be spam sources than others. > I'll get my ISP to change the reverse lookup to a name of my own > choosing; that should hopefully work around this dodgy rule. Yes - getting them both set to linuxhacker.org if possible would be the best thing. I've also found that in most cases setting HELO to be the domain name (regardless of rev DNS) seems to make things run smoother. My personal domain was changed to be like this a couple of years ago because of similar problems. Cleared right up when I did this. Don't know if that's the "correct" thing to do, but it certainly cured my blocked mail issues. Thanks, Jason | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Subject:
Re: [nanogui] Mailing list issues
From: Alex Holden ####@####.#### Date: 20 Apr 2005 18:22:39 +0100 Message-Id: <42668FC7.8000100@linuxhacker.org> Jason Kingan wrote: > Yes - getting them both set to linuxhacker.org if possible would be the > best thing. I've also found that in most cases setting HELO to be the > domain name (regardless of rev DNS) seems to make things run smoother. I've done that before on other servers and it triggered spam filtering rules which say that the HELO name needs to resolve to the IP and the IP needs to reverse resolve to the HELO name. ISTR that AOL in particular refuse all mail from servers which fail this test. -- ------------ Alex Holden - http://www.alexholden.net/ ------------ If it doesn't work, you're not hitting it with a big enough hammer | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Subject:
Re: [nanogui] Mailing list issues
From: Alan Cox ####@####.#### Date: 20 Apr 2005 18:30:09 +0100 Message-Id: <1114014531.3870.34.camel@localhost.localdomain> On Mer, 2005-04-20 at 18:00, Darran Rimron wrote: > SpamAssassin is being arsy as your IP is probably in a block of, what > used to be called, DialUP pools. It's considered that any SMTP server > running on said IP pool is probably a spammer, hence the high rating. Not spamassassin but the block list some people are using. Its their own fault quite honestly for using invalid and incorrect data sources. If its being used in the default list by your package vendor please also file bugs against their spamassassin packages. Alan | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Subject:
Re: [nanogui] Mailing list issues
From: Alex Holden ####@####.#### Date: 20 Apr 2005 18:38:19 +0100 Message-Id: <42669373.1010509@linuxhacker.org> Darran Rimron wrote: > SpamAssassin is being arsy as your IP is probably in a block of, what > used to be called, DialUP pools. It's considered that any SMTP server > running on said IP pool is probably a spammer, hence the high rating. Ah, don't get me started on people who block based on the various (generally very poorly maintained) dialup blacklists. And then complain that they're not getting legitimate mail. But that's not what the HELO_DYNAMIC-IPADDR rule is about. From the SpamAssassin source: # Interesting new feature; spamware HELO'ing, from a dialup IP addr, # using that IP's rDNS entry. We can catch this easily. There aren't # many legit mailservers calling themselves # 'dhcp024-210-034-053.columbus.rr.com'. ;) -- ------------ Alex Holden - http://www.alexholden.net/ ------------ If it doesn't work, you're not hitting it with a big enough hammer | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Subject:
Re: [nanogui] Mailing list issues
From: Jason Kingan ####@####.#### Date: 20 Apr 2005 18:51:50 +0100 Message-Id: <857907bcd396e057fed6065b185db030@censoft.com> In this case, it isn't a blocklist problem. It's a Spam Assassin problem. The rule HELO_DYNAMIC_IPADDR and HELO_DYNAMIC_DHCP in SA is a regex one that catches hostnames similar to Alex's. Unfortunately, it also catches buckets of spam or I'd just disable it. Getting SA changed everywhere is an uphill battle - probably easier in the short term (and certainly the most reliable way) to get the rev dns delegated properly to linuxhacker.org. But I agree - blocklists in general are a major pain in some cases. Jason On Apr 20, 2005, at 10:28 AM, Alan Cox wrote: > On Mer, 2005-04-20 at 18:00, Darran Rimron wrote: >> SpamAssassin is being arsy as your IP is probably in a block of, what >> used to be called, DialUP pools. It's considered that any SMTP server >> running on said IP pool is probably a spammer, hence the high rating. > > Not spamassassin but the block list some people are using. Its their > own > fault quite honestly for using invalid and incorrect data sources. If > its being used in the default list by your package vendor please also > file bugs against their spamassassin packages. > > Alan > > | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
[<<] [<] Page 1 of 1 [>] [>>] |