
Mailing List Archive: SpamAssassin: users

whitelisting webmail application

 

 



leolistas at solutti

May 3, 2008, 8:51 AM

Post #1 of 6 (250 views)
whitelisting webmail application

Hello Guys,

I'm running SA 3.2.4 and, on the same machine, horde/imp as webmail
application.

Sometimes, mails sent through imp are getting flagged as SPAM
because of RBL checks, for example:

Content analysis details: (8.4 points, 8.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.3 TVD_RCVD_SINGLE        TVD_RCVD_SINGLE
 3.0 BOTNET_IPINHOSTNAME    Hostname contains its own IP address
                            [botnet_ipinhosntame,ip=201.67.93.102,rdns=201-67-93-102.gnace704.dsl.brasiltelecom.net.br]
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 0.0 HTML_MESSAGE           BODY: HTML included in message
 5.0 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [201.67.93.102 listed in zen.spamhaus.org]
 0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS



Content analysis details: (11.7 points, 8.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 5.0 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [201.11.150.2 listed in zen.spamhaus.org]
 5.0 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
 1.6 TVD_RCVD_IP            TVD_RCVD_IP
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS


Well .... in fact I would like my webmail sent applications to be
considered 'trusted' and not pass through SA rules, but I don't know how
to do that. I think I'm having this kind of behavior because IMP is
inserting Received: headers with real ip users apparently when remote IP
has reverse and always with X-Originating-IP

(with remote IP address as X-Originating-IP)

Return-Path: <myuser[at]solutti.com.br>
Received: from ( [unknown]) by correio.solutti.com.br (Horde MIME library)
    with HTTP; Sat, 03 May 2008 11:34:55 -0300
Message-ID: <20080503113455.stj6j0flwkso048c[at]correio.solutti.com.br>
Date: Sat, 03 May 2008 11:34:55 -0300
From: myuser[at]solutti.com.br
To: otheruser[at]solutti.com.br
Subject: proposta comercial
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="=_1j9plxzuetq8"
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)
X-Originating-IP: 201.67.93.102
X-Remote-Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
    .NET CLR 1.1.4322)



(with remote IP address as Received: header)

Return-Path: <myuser[at]solutti.com.br>
Received: from 201-11-150-2.gnace702.dsl.brasiltelecom.net.br
    (201-11-150-2.gnace702.dsl.brasiltelecom.net.br [201.11.150.2]) by
    correio.solutti.com.br (Horde MIME library) with HTTP; Sat, 03 May 2008
    12:22:55 -0300
Message-ID: <20080503122255.6uqhmc7pk4k8g4g4[at]correio.solutti.com.br>
Date: Sat, 03 May 2008 12:22:55 -0300
From: myuser[at]solutti.com.br
To: otheruser[at]solutti.com.br
Subject: teste
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="=_2pwudsfd55c0"
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)
X-Originating-IP: 201.11.150.2
X-Remote-Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; Alexa;
    rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14



Question is ... what would be the correct way of whitelisting my
local sent messages through webmail?


--


Atenciosamente / Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertrudes[at]solutti.com.br
My SPAMTRAP, do not email it


nigel at blue-canoe

May 3, 2008, 10:06 AM

Post #2 of 6 (241 views)
Re: whitelisting webmail application [In reply to]

On Sat, 03 May 2008 12:51:32 -0300, Leonardo Rodrigues Magalhães
<leolistas[at]solutti.com.br> wrote:

>
> Hello Guys,
>
> I'm running SA 3.2.4 and, on the same machine, horde/imp as webmail
>application.
>
> Sometimes, mails sent through imp are getting flagged as SPAM
>because of RBL checks, for example:
>
>Content analysis details: (8.4 points, 8.0 required)
>
> pts rule name description
>---- ---------------------- --------------------------------------------------
> 0.3 TVD_RCVD_SINGLE TVD_RCVD_SINGLE
> 3.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
>[botnet_ipinhosntame,ip=201.67.93.102,rdns=201-67-93-102.gnace704.dsl.brasiltelecom.net.br]
> 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 5.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
> [201.67.93.102 listed in zen.spamhaus.org]
> 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
>
>
>
>Content analysis details: (11.7 points, 8.0 required)
>
> pts rule name description
>---- ---------------------- --------------------------------------------------
> 5.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
> [201.11.150.2 listed in zen.spamhaus.org]
> 5.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL

Before you worry about whitelisting your own stuff, the Spamhaus
listing would need to be resolved.

If you are on a static IP you might ask your isp to supply an rdns
entry and then attempt to get things resolved with Spamhaus.

If you do both of those you will probably not hit either of the issues
you show above (and below).

> 1.6 TVD_RCVD_IP TVD_RCVD_IP
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
>
>
> Well .... in fact i would like my webmail sent applications to be
>considered 'trusted' and not pass through SA rules, but i dont know how
>to do that. I think i'm having this kind of behavior because IMP is
>inserting Received: headers with real ip users apparently when remote IP
>has reverse and always with X-Originating-IP
>
>(with remote IP address as X-Originating-IP)
>
>Return-Path: <myuser[at]solutti.com.br>
>Received: from ( [unknown]) by correio.solutti.com.br (Horde MIME library)
> with HTTP; Sat, 03 May 2008 11:34:55 -0300
>Message-ID: <20080503113455.stj6j0flwkso048c[at]correio.solutti.com.br>
>Date: Sat, 03 May 2008 11:34:55 -0300
>From: myuser[at]solutti.com.br
>To: otheruser[at]solutti.com.br
>Subject: proposta comercial
>MIME-Version: 1.0
>Content-Type: multipart/alternative;
> boundary="=_1j9plxzuetq8"
>Content-Transfer-Encoding: 7bit
>User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)
>X-Originating-IP: 201.67.93.102
>X-Remote-Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
> .NET CLR 1.1.4322)
>
>
>
>(with remote IP address as Received: header)
>
>Return-Path: <myuser[at]solutti.com.br>
>Received: from 201-11-150-2.gnace702.dsl.brasiltelecom.net.br
> (201-11-150-2.gnace702.dsl.brasiltelecom.net.br [201.11.150.2]) by
> correio.solutti.com.br (Horde MIME library) with HTTP; Sat, 03 May 2008
> 12:22:55 -0300
>Message-ID: <20080503122255.6uqhmc7pk4k8g4g4[at]correio.solutti.com.br>
>Date: Sat, 03 May 2008 12:22:55 -0300
>From: myuser[at]solutti.com.br
>To: otheruser[at]solutti.com.br
>Subject: teste
>MIME-Version: 1.0
>Content-Type: multipart/alternative;
> boundary="=_2pwudsfd55c0"
>Content-Transfer-Encoding: 7bit
>User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)
>X-Originating-IP: 201.11.150.2
>X-Remote-Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; Alexa;
> rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
>
>
>
> Question is ... how would be the correct way of whitelisting my
>local sent messages through webmail ?


leolistas at solutti

May 3, 2008, 4:55 PM

Post #3 of 6 (236 views)
Re: whitelisting webmail application [In reply to]

Nigel Frankcom wrote:
> On Sat, 03 May 2008 12:51:32 -0300, Leonardo Rodrigues Magalhães
> <leolistas[at]solutti.com.br> wrote:
>
>
>> Hello Guys,
>>
>> I'm running SA 3.2.4 and, on the same machine, horde/imp as webmail
>> application.
>>
>> Sometimes, mails sent through imp are getting flagged as SPAM
>> because of RBL checks, for example:
>>
>> Content analysis details: (8.4 points, 8.0 required)
>>
>> pts rule name description
>> ---- ---------------------- --------------------------------------------------
>> 0.3 TVD_RCVD_SINGLE TVD_RCVD_SINGLE
>> 3.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
>> [botnet_ipinhosntame,ip=201.67.93.102,rdns=201-67-93-102.gnace704.dsl.brasiltelecom.net.br]
>> 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
>> 0.0 HTML_MESSAGE BODY: HTML included in message
>> 5.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
>> [201.67.93.102 listed in zen.spamhaus.org]
>> 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
>>
>>
>>
>> Content analysis details: (11.7 points, 8.0 required)
>>
>> pts rule name description
>> ---- ---------------------- --------------------------------------------------
>> 5.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
>> [201.11.150.2 listed in zen.spamhaus.org]
>> 5.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
>>
>
> Before you worry about whitelisting your own stuff, the Spamhaus
> listing would need to be resolved.
>
> If you are on a static IP you might ask your isp to supply an rdns
> entry and then attempt to get things resolved with Spamhaus.
>
> If you do both of those you will probably not hit either of the issues
> you show above (and below).
>
>


Hi Nigel,

I think you got it wrong .... this 201.11.150.2 is my customer,
which really is in a DSL dynamic ip address line. This is NOT my mail
server. My mail server is on a static ip address which has no problem at
all with RBLs.

The problem is, as reported, that messages sent through webmail are
getting RBL checked and maybe, sometimes, my customers can be on some
RBL-listed IP address. Even in those cases, I would like webmail-sent
messages to not trigger RBL checks, hence my question on what would be the
best/correct way of whitelisting it.

Anyway, thanks for your reply and have a nice weekend !

--


Atenciosamente / Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertrudes[at]solutti.com.br
My SPAMTRAP, do not email it


me at junc

May 3, 2008, 5:07 PM

Post #4 of 6 (236 views)
Re: whitelisting webmail application [In reply to]

On Sun, May 4, 2008 01:55, Leonardo Rodrigues Magalhães wrote:
> I think you got it wrong .... this 201.11.150.2 is my customer,
> which really is in a DSL dynamic ip address line. This is NOT my mail
> server. My mail server is on a static ip address which has no problem at
> all with RBLs.

Do users use SMTP auth?

> The problem is, as reported, that messages sent through webmail are
> getting RBL checked and maybe, sometimes, my customers can be on some
> RBL-listed IP address. Even on those cases, i would like webmail-sent
> messages to not trigger RBL checks, so my questions on what would be the
> best/correct way of whitelisting it.

No whitelist is needed since users' mails will originate from your IP.

If unsure, put a mail sample on a pastebin somewhere and post the link to
the mailing list here.

> Anyway, thanks for your reply and have a nice weekend !

np


Benny Pedersen


paulg at cse

May 5, 2008, 6:13 AM

Post #5 of 6 (216 views)
Re: whitelisting webmail application [In reply to]

On Sat, 03 May 2008 11:51:32 -0400, Leonardo Rodrigues Magalhães <leolistas[at]solutti.com.br> wrote:

> Hello Guys,
>
> I'm running SA 3.2.4 and, on the same machine, horde/imp as webmail
> application.
>
> Sometimes, mails sent through imp are getting flagged as SPAM
> because of RBL checks, for example:
>
> Content analysis details: (8.4 points, 8.0 required)
>
> pts rule name description
> ---- ---------------------- --------------------------------------------------
> 0.3 TVD_RCVD_SINGLE TVD_RCVD_SINGLE
> 3.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
> [botnet_ipinhosntame,ip=201.67.93.102,rdns=201-67-93-102.gnace704.dsl.brasiltelecom.net.br]
> 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 5.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
> [201.67.93.102 listed in zen.spamhaus.org]
> 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
>
>
>
> Content analysis details: (11.7 points, 8.0 required)
>
> pts rule name description
> ---- ---------------------- --------------------------------------------------
> 5.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
> [201.11.150.2 listed in zen.spamhaus.org]
> 5.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
> 1.6 TVD_RCVD_IP TVD_RCVD_IP
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
>
>
> Well .... in fact i would like my webmail sent applications to be
> considered 'trusted' and not pass through SA rules, but i dont know how
> to do that. I think i'm having this kind of behavior because IMP is
> inserting Received: headers with real ip users apparently when remote IP
> has reverse and always with X-Originating-IP

..snip...



>
> Question is ... how would be the correct way of whitelisting my
> local sent messages through webmail ?
>
>


Do you have your mail server and your horde host listed in your internal_networks and trusted_network?

See:
http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#network_test_options


Cheers,
Paul


kdeugau at vianet

May 6, 2008, 11:38 AM

Post #6 of 6 (205 views)
Re: whitelisting webmail application [In reply to]

Benny Pedersen wrote:
> Do users use SMTP auth?

Not the OP, but he *did* say this is from webmail. Presumably it's a
little hard to send mail from his webmail setup unless you're logged in...

(IIRC SA includes rules to look for Horde/IMP and Squirrelmail [at
least] Received: headers and considers them properly for the trust path.)

-kgd
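
Added example (not part of the thread, and not SpamAssassin's own code): a simplified Python model of the trust-path walk discussed above, showing why the webmail user's DSL address ends up as the relay a last-external DNSBL lookup hits, and how a "with HTTP" hop can be exempted only when the header naming it was written by a trusted host. It models Received: lines only, not X-Originating-IP; the function names, the own_hosts parameter, the 127.0.0.0/8 trusted range and the 203.0.113.7 relay are assumptions made for the illustration.

```python
import ipaddress
import re

# Simplified model of a trust-path walk; not SpamAssassin's parser.
RECEIVED_RE = re.compile(
    r"from\s+\S*.*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\].*?"
    r"\bby\s+(?P<by>\S+).*?\bwith\s+(?P<proto>\w+)", re.S)

def parse_received(value):
    """Return ip/by/proto for one Received: value, or None if no relay IP parses."""
    m = RECEIVED_RE.search(value)
    if not m:
        return None
    return {"ip": ipaddress.ip_address(m["ip"]), "by": m["by"].lower(),
            "proto": m["proto"].upper()}

def rbl_candidate(received, trusted_nets, own_hosts):
    """Walk Received: values newest first. Return (ip, reason) for the relay a
    last-external DNSBL lookup would hit, or (None, reason) if there is none."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for value in received:
        relay = parse_received(value)
        if relay is None:
            return None, "unparseable relay line"
        if any(relay["ip"] in n for n in nets):
            continue  # trusted relay: its header is believed, keep walking
        # First untrusted relay. The header naming it was written by us or by
        # a trusted relay, so its "by" and "with" fields can be relied on.
        if relay["proto"] == "HTTP" and relay["by"] in own_hosts:
            return None, "browser of a webmail user on our own host"
        return relay["ip"], "last external relay"
    return None, "all relays trusted"

# Received: values copied from the two samples in the original post.
HORDE_IP = ("from 201-11-150-2.gnace702.dsl.brasiltelecom.net.br "
            "(201-11-150-2.gnace702.dsl.brasiltelecom.net.br [201.11.150.2]) by "
            "correio.solutti.com.br (Horde MIME library) with HTTP; "
            "Sat, 03 May 2008 12:22:55 -0300")
HORDE_UNKNOWN = ("from ( [unknown]) by correio.solutti.com.br "
                 "(Horde MIME library) with HTTP; Sat, 03 May 2008 11:34:55 -0300")
# Constructed: outside SMTP relay (documentation address) above a copied Horde line.
FORGED = ["from mail.example.org (mail.example.org [203.0.113.7]) by "
          "correio.solutti.com.br (ExampleMTA) with ESMTP; "
          "Sat, 03 May 2008 13:00:00 -0300", HORDE_IP]
OWN = {"correio.solutti.com.br"}

if __name__ == "__main__":
    for hdrs, own in [([HORDE_IP], set()), ([HORDE_IP], OWN), (FORGED, OWN)]:
        print(rbl_candidate(hdrs, ["127.0.0.0/8"], own))
```

In the FORGED case the Horde line sits below an untrusted SMTP relay, so the walk stops at that relay and the copied line is never believed.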
