Bug 150081 - SpamAssassin uses wrong IP addresses in RBL check.
Summary: SpamAssassin uses wrong IP addresses in RBL check.
Alias: None
Product: Fedora
Classification: Fedora
Component: spamassassin
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Warren Togami
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2005-03-02 09:40 UTC by David Woodhouse
Modified: 2007-11-30 22:11 UTC (History)
5 users (show)

Clone Of:
Last Closed: 2005-04-26 00:56:12 UTC

Attachments (Terms of Use)

Description David Woodhouse 2005-03-02 09:40:08 UTC
SA has some heuristics in Received.pm to determine which Received:
headers should be ignored. Those with IP addresses in RFC1918 domains
are ignored, for example. 

We should also refrain from doing RBL checks on the IP address shown
in  Received: headers which show that the message was transmitted by
_authenticated_ SMTP. According to RFC3848, this is shown by the use
of 'by esmtpa' or 'by esmtpsa' in the Received: header.

Comment 1 Justin Mason 2005-03-02 10:03:12 UTC
I believe these issues may be fixed in the (as yet unreleased) SA
3.1.x tree.

http://bugzilla.spamassassin.org/show_bug.cgi?id=2462 is the auth-SMTP

Comment 2 David Woodhouse 2005-03-02 10:14:49 UTC
Looks like a patch exists for 3.0.x too. 

Btw, we should also be dropping IPv6 addresses in reserved ranges,
especially those with non-global scope.

Comment 3 Warren Togami 2005-03-31 11:20:04 UTC
> Looks like a patch exists for 3.0.x too.

If you want this in FC4, please supply a unidiff patch for me.  Make sure your
patch wont cause problems for us because I wont test it before applying it.

Comment 4 David Woodhouse 2005-03-31 11:34:53 UTC
Nah, FC4 is useless for mail for me anyway; I'll not bother updating my FC3
machines until FC5 comes out.

Comment 5 Warren Togami 2005-04-03 10:42:04 UTC
David I am now actively going through upstream 3.0.3 target bugs and looking for
the most critical 3.1.0 stuff to backport.  Working with the Debian spamassassin
maintainer because we have the common goal of making a real 3.0.3 maintenance
release.  If you consider this issue to be serious enough to warrant a 3.0.3
backport, please open a new bug in upstream bugzilla, CC me and report in this
bug the URL.  In the upstream report include your backported 3.0.x patch for
target inclusion in 3.0.3.

FC2 and FC3 packages of spamassassin-3.0.2 plus stuff already checked into 3.0
branch of SVN.  If you want to rebuild for ppc check out the package from FC4.

Comment 6 Warren Togami 2005-04-26 00:56:12 UTC
Looks like it was applied to r112026 in b3_0, so it will be in 3.0.3.  Already
in rawhide.

Note You need to log in before you can comment on or make changes to this bug.