parsing original SMTP not working properly?

Hi,

I might have hitten a bug in the way SA parses out the original SMTP host.
I send and email from my mail client (to myself) through the SMTP server of
GMX. SA thinks the Mail was sent directly from my computer (i.e. my
dsl-routers IP) without using GMXs SMTP server.

SPF_FAIL, RCVD_IN_PBL RBL, RCVD_IN_XBL RBL, RCVD_IN_SORBS_DUL and RDNS_DYNAMIC
seem to think 85.55.41.198 was the SMTP server - which is wrong. 85.55.41.198
is the IP my dsl-router uses to connect to the Internet.

Am I understanding / have configured something wrong here or did I indeed hi a
bug? If so - shall I open a bugreport, post this to the dev-list or how to
proceed?



Full headers:

Return-Path: <anyaddress@...>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on momo.seclinet.org
X-Spam-Level: ****
X-Spam-Status: No, score=4.3 required=5.0
tests=AWL,BAYES_40,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_DYNAMIC,SPF_FAIL,TVD_SPACE_RATIO
        autolearn=no
        bayes=0.2760
        language=
        report:
        *  0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
        *      [85.55.41.198 listed in zen.spamhaus.org]
        *  3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
        *  0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
        *      [85.55.41.198 listed in dnsbl.sorbs.net]
        *  0.7 SPF_FAIL SPF: sender does not match SPF record (fail)
        *      [SPF failed: Please see
http://www.openspf.org/Why?s=mfrom&id=anyaddress%40gmx.net&ip=85.55.41.198&r=momo.seclinet.org]
        * -0.2 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
        *      [score: 0.2760]
        *  2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
        *  0.1 RDNS_DYNAMIC Delivered to trusted network by host with
        *      dynamic-looking rDNS
        * -3.4 AWL AWL: From: address is in the auto white-list
X-Flags: 0000
Delivered-To: GMX delivery to seclinet@...
Received: by localhost (fdm 1.5, account "gmx");
        Mon, 14 Jul 2008 01:04:12 +0200
Received: (qmail 6881 invoked by alias); 13 Jul 2008 22:29:06 -0000
Delivered-To: GMX delivery to anyaddress@...
Received: (qmail invoked by alias); 13 Jul 2008 22:29:06 -0000
Received: from 198.pool85-55-41.dynamic.orange.es (EHLO [192.168.0.25])
[85.55.41.198]
  by mail.gmx.net (mp004) with SMTP; 14 Jul 2008 00:29:06 +0200
X-Authenticated: #8384405
X-Provags-ID: V01U2FsdGVkX1/KEJsVuZLKMG4BVaXLiJgyzPl76GsqwvYJeDn+q7
        XuSbVqmMorwDIp
From: Tom Fernandes <anyaddress@...>
To: Tom Fernandes <anyaddress@...>
Subject: test-procmail
Date: Mon, 14 Jul 2008 00:29:04 +0200
User-Agent: KMail/1.9.9
MIME-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200807140029.04272.anyaddress@...>
X-FuHaFi: 0.00
X-GMX-Antivirus: 0 (no virus found)
X-GMX-Antispam: -2 (not scanned, spam filter disabled)
X-Resent-By: Forwarder <forwarder@...>
X-Resent-For: anyaddress@...
X-Resent-To: seclinet@...
X-GMX-UID: /PQbLLcNa0AodebBJTAzUog3Njh6dE7a
X-Length: 2321
X-UID: 1521



thanks,


Tom

Tom Fernandes wrote:
so mail is received by mail.gmx.net, then by localhost. SA cannot guess
that it is not running on mail.gmx.net ;-p)

where is the Received header that shows that the message moved from gmx
to your mail server?

Hi,

On Monday, 14. July 2008, mouss wrote:
Not sure if I get your right. The way of the mail is the following:

MUA (kmail) -> GMXs SMTP Server -> GMX forwards it from anyaddress@... to
seclinet@... (I have set it like this in my account preferences at
GMX) -> fdm (which is a similar to fetchmail) fetches the mail via pop3 ->
procmail (gets fed by fdm) -> spamassassin (called from procmail as first
rule).

But to answer your question:

Received: by localhost (fdm 1.5, account "gmx");
         Mon, 14 Jul 2008 01:04:12 +0200

is the header you are asking for - if I understood you correctly.



Tom

Tom Fernandes wrote:
I guess that's the problem. I don't think SA handles fdm.

Hi,

On Tuesday, 15. July 2008, mouss wrote:
Bug filed:

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5941

lets see...


thanks for your comments,


Tom

Hello Tom,

Am 2008-07-15 00:09:33, schrieb Tom Fernandes:
> But to answer your question:
>
> Received: by localhost (fdm 1.5, account "gmx");
>          Mon, 14 Jul 2008 01:04:12 +0200
>
> is the header you are asking for - if I understood you correctly.

With fetchmail it is the same problem...

Why do you not set a "silent" mode like in fetchmail, so "fdm" does  not
insert this "Received:" header?

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
+49/177/9351947    50, rue de Soultz         MSN LinuxMichi
+33/6/61925193     67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Michelle Konzack wrote:
ahuh? I use fetchmail and I don't see this problem.

>
> Why do you not set a "silent" mode like in fetchmail, so "fdm" does  not
> insert this "Received:" header?

doesn't solve the problem. he needs to _add_ a header so that SA doesn't
consider his ISp as his own MTA.