Mailing List CGatePro@mail.stalker.com Message #92659
From: Tom Kishel <tomk@darkhorse.com>
Subject: CGP, SpamAssassin, and RDNS
Date: Wed, 19 Sep 2007 14:26:56 -0700
To: <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.752.3)

If you are receiving false-positives with CGP and the SpamAssassin 3.2.x RDNS_NONE test ...

If SpamAssassin 3.1.x cannot identify RDNS data in a "Received: from" header (due to formatting or omission) it would perform a RDNS lookup itself. That functionality has been removed from SpamAssassin 3.2.x as per:

    http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5054

The author comments: "we can move that lookup out to the eval test that uses it, pretty easily", but the RDNS_NONE test (among others) in 20_dynrdns.cf (among others) continues to just parse the X-Spam-Relays-Untrusted header set in SpamAssassin/Message/Metadata/Received.pm. You can re-enable that feature using the following patch.

80,83d79
<   # TJK Restore SA RDNS Resolution for CGP.
<   $self->{permsgstatus} = $permsgstatus;
<   $self->{is_dns_available} = $self->{permsgstatus}->is_dns_available();
<
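Review bot: the added "TJK" lines in this hunk (80,83d79) are on the "<" side, so the diff was generated with the modified Received.pm as the first file and, as posted, describes removing the change rather than adding it. Regenerate it as "diff original modified", or tell readers to apply it with "patch -R". A unified diff ("diff -u") would also carry the file name and context lines, which this format leaves out, so the hunk could still be placed if line 80 has moved in another 3.2.x release.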
1249,1258c1245
<       # TJK Restore SA RDNS Resolution for CGP.
<       if ($self->{is_dns_available}) {
<         $rdns = $self->{permsgstatus}->lookup_ptr($ip);
<         if (! $rdns) {
<           $rdns eq '';
<           $relay->{rdns_not_in_headers} = 1
<         }
<       } else {
<         $relay->{rdns_not_in_headers} = 1;
<       }
---
>       $relay->{rdns_not_in_headers} = 1;
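Review bot: inside the "if (! $rdns)" block, the line "$rdns eq '';" is a string comparison whose result is discarded, so it does not reset $rdns and leaves it holding whatever false value lookup_ptr returned. If the intent is to normalise a failed lookup to the empty string, it should read "$rdns = '';". The next line, "$relay->{rdns_not_in_headers} = 1", is also missing its terminating semicolon; Perl accepts that on the last statement of a block, but it is inconsistent with the else branch and easy to break when a line is added after it.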

Note that the "verified" flag that CGP sets in the "Received: from" header denotes the status of the HELO command, not the RDNS of the connecting host.

---

Example:

Single sending host with an IP address of 123.456.789.200.

DNS:

name-x.source.com A 123.456.789.100
name-y.source.com A 123.456.789.200
name-z.source.com A 123.456.789.300

Reverse DNS:

123.456.789.100 PTR name-x.source.com
123.456.789.200 PTR name-z.source.com
123.456.789.300 PTR name-z.source.com

telnet cgp.destination.com 25
HELO 123.456.789.100
Received: from [123.456.789.200] (HELO 123.456.789.100) by cgp.destination.com
# unverified HELO: 123.456.789.100 communicated from 123.456.789.200

telnet cgp.destination.com 25
HELO name-x.source.com
Received: from [123.456.789.200] (HELO nameof-123.456.789.101.com) by cgp.destination.com
# unverified HELO: name-x.source.com aka 123.456.789.100 communicated from 123.456.789.200

telnet cgp.destination.com 25
HELO name-y.source.com
Received: from name-y.source.com ([123.456.789.200] verified) by cgp.destination.com
# verified HELO: name-y.source.com aka 123.456.789.200 communicated from 123.456.789.200
# but reverse of 123.456.789.200 is name-z.source.com

--

Tom Kishel
Dark Horse Comics
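
Added example, not part of the original message and not SpamAssassin or CGP code: Python that parses the two CGP "Received: from" shapes shown above and evaluates them against the example's DNS tables, held in dictionaries so nothing is resolved. It shows that a HELO marked "verified" can still have a PTR naming a different host. The function and field names are hypothetical.

```python
import re

# Constructed from the message's example zone (the placeholder addresses
# are the page's own; they are plain strings here and are never resolved).
FORWARD = {"name-x.source.com": "123.456.789.100",
           "name-y.source.com": "123.456.789.200",
           "name-z.source.com": "123.456.789.300"}
REVERSE = {"123.456.789.100": "name-x.source.com",
           "123.456.789.200": "name-z.source.com",
           "123.456.789.300": "name-z.source.com"}

# The two CGP "Received: from" shapes shown in the message.
UNVERIFIED = re.compile(r"^Received: from \[(?P<ip>[\d.]+)\] \(HELO (?P<helo>\S+)\) by ")
VERIFIED = re.compile(r"^Received: from (?P<helo>\S+) \(\[(?P<ip>[\d.]+)\] verified\) by ")

def parse_received(line):
    """Return connecting IP, HELO string and CGP's HELO-verified flag."""
    for pattern, verified in ((VERIFIED, True), (UNVERIFIED, False)):
        m = pattern.match(line)
        if m:
            return {"ip": m["ip"], "helo": m["helo"], "helo_verified": verified}
    raise ValueError("not a CGP Received: from header: %r" % line)

def classify(line, forward=FORWARD, reverse=REVERSE):
    """Add the rDNS facts that the 'verified' flag does not carry."""
    relay = parse_received(line)
    ptr = reverse.get(relay["ip"])        # what a PTR lookup would return
    relay["rdns"] = ptr
    relay["rdns_none"] = ptr is None      # connecting host has no PTR at all
    # Forward-confirmed rDNS: the PTR name must resolve back to the same IP.
    relay["fcrdns"] = ptr is not None and forward.get(ptr) == relay["ip"]
    # Does the PTR name agree with the name given in HELO?
    relay["helo_matches_rdns"] = (ptr is not None
                                  and ptr.lower() == relay["helo"].lower())
    return relay

if __name__ == "__main__":
    samples = [  # header lines copied from the example in the message
        "Received: from [123.456.789.200] (HELO 123.456.789.100) by cgp.destination.com",
        "Received: from name-y.source.com ([123.456.789.200] verified) by cgp.destination.com",
    ]
    for s in samples:
        print(classify(s))
```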

