'[Bug 7686] New: RCVD_IN_PBL false positive from X-Originating-IP despite existence of ESMTPSA header'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       spamassassin-devel
Subject:    [Bug 7686] New: RCVD_IN_PBL false positive from X-Originating-IP despite existence of ESMTPSA header
From:       bugzilla-daemon () bugzilla ! spamassassin ! org
Date:       2019-01-25 21:04:24
Message-ID: bug-7686-26 () https ! bz ! apache ! org/SpamAssassin/
[Download RAW message or body]

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7686

            Bug ID: 7686
           Summary: RCVD_IN_PBL false positive from X-Originating-IP
                    despite existence of ESMTPSA header
           Product: Spamassassin
           Version: 3.4.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: spamassassin
          Assignee: dev@spamassassin.apache.org
          Reporter: jordan@websavers.ca
  Target Milestone: Undefined

Hey there,

Here's the headers:

Return-Path: barrington@i********t.ca
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on sumac.websavers.ca
X-Spam-Flag: YES
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.6 required=2.5 tests=BAYES_60,HTML_MESSAGE,
RCVD_IN_PBL,RDNS_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0
X-Spam-Report:
* 1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80%
* [score: 0.6066]
* -0.0 SPF_PASS SPF: sender matches SPF record
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
* [142.68.14.248 listed in zen.spamhaus.org]
* 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Original-To: jm@i********t.ca
Delivered-To: jm@i********t.ca
Received: from webmail.websavers.ca (base.websavers.ca [192.95.53.248])
by sumac.websavers.ca (Postfix) with ESMTPSA id 9DA8A92564
for jm@i********t.ca; Thu, 24 Jan 2019 14:16:37 -0400 (AST)
Authentication-Results: sumac.websavers.ca;
spf=pass (sender IP is 192.95.53.248) smtp.mailfrom=bt@i********t.ca
smtp.helo=webmail.websavers.ca
Received-SPF: pass (sumac.websavers.ca: connection is authenticated)
MIME-Version: 1.0
Date: Thu, 24 Jan 2019 18:16:37 +0000
Content-Type: multipart/alternative;
boundary="--=_RainLoop_989_989733652.1548353797"
X-Mailer: RainLoop/1.12.1
From: bt@i********t.ca
Message-ID: 4928e3dd2bbaa60234fa97d7e8ecd7c9@i********t.ca
Subject: Friday Soup
To: "JM" jm@i********t.ca
X-Originating-IP: 142.68.14.248

I've read a lot of bug reports and mailing list commentary on this, all of
which are dismissed as invalid because there's no authenticated SMTP header,
which makes sense to me.

In this instance, however, the final Received header clearly indicates that
it's using ESMTPSA -- authenticated SMTP. Shouldn't the PBL lookup only be
happening against that IP and not the X-Originating-IP header address?

I've since disabled use of the X-Originating-IP header in rainloop to avoid
this from triggering again, but ultimately I think that's a pretty handy header
to have when troubleshooting issues, so I'd like to be able to use it.

Is this a bug, or is my understanding about which IPs should be checked against
the PBL flawed?

Thanks in advance for the commentary.

-Jordan

-- 
You are receiving this mail because:
You are the assignee for the bug.=
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic