SA has some heuristics in Received.pm to determine which Received:
headers should be ignored. Those with IP addresses in RFC1918 domains
are ignored, for example.
We should also refrain from doing RBL checks on the IP address shown
in Received: headers which show that the message was transmitted by
_authenticated_ SMTP. According to RFC3848, this is shown by the use
of 'by esmtpa' or 'by esmtpsa' in the Received: header.
I believe these issues may be fixed in the (as yet unreleased) SA
http://bugzilla.spamassassin.org/show_bug.cgi?id=2462 is the auth-SMTP
Looks like a patch exists for 3.0.x too.
Btw, we should also be dropping IPv6 addresses in reserved ranges,
especially those with non-global scope.
> Looks like a patch exists for 3.0.x too.
If you want this in FC4, please supply a unidiff patch for me. Make sure your
patch wont cause problems for us because I wont test it before applying it.
Nah, FC4 is useless for mail for me anyway; I'll not bother updating my FC3
machines until FC5 comes out.
David I am now actively going through upstream 3.0.3 target bugs and looking for
the most critical 3.1.0 stuff to backport. Working with the Debian spamassassin
maintainer because we have the common goal of making a real 3.0.3 maintenance
release. If you consider this issue to be serious enough to warrant a 3.0.3
backport, please open a new bug in upstream bugzilla, CC me and report in this
bug the URL. In the upstream report include your backported 3.0.x patch for
target inclusion in 3.0.3.
FC2 and FC3 packages of spamassassin-3.0.2 plus stuff already checked into 3.0
branch of SVN. If you want to rebuild for ppc check out the package from FC4.
Looks like it was applied to r112026 in b3_0, so it will be in 3.0.3. Already