[prev in list] [next in list] [prev in thread] [next in thread]
List: spamassassin-users
Subject: Re: Problem with Horde IMP ans Spamassassin
From: killerhorse <info () lauf-forum ! at>
Date: 2017-02-08 12:59:11
Message-ID: 20170208125840.Horde.IdrafM06c95JZHcr53--wZc () webmail ! lauf-forum ! at
[Download RAW message or body]
Thank you very much!
I found some information about this problem. But I thought, this is a
different problem because I thought that I have "HTTP" in both mails.
This is wrong. I actually have HTTP in one mail and HTTPS in the other
one. I completely overlooked this.
I solved the problem by changing the Horde config.
till now I used:
$conf['mailer']['params']['sendmail_path'] = '/usr/lib/sendmail';
$conf['mailer']['params']['sendmail_args'] = '-oi';
and now:
$conf['mailer']['params']['host'] = 'localhost';
$conf['mailer']['params']['port'] = 465;
$conf['mailer']['params']['secure'] = 'ssl';
$conf['mailer']['params']['username_auth'] = true;
$conf['mailer']['params']['password_auth'] = true;
$conf['mailer']['params']['auth'] = true;
$conf['mailer']['params']['lmtp'] = false;
$conf['mailer']['type'] = 'smtp';
This doesn't fix the Spamassassin problem, but it works now:
Return-Path: <test@lauf-forum.at>
Delivered-To: test@schachenhofer.net
Received: from localhost (localhost [127.0.0.1])
by mail.lauf-forum.at (Postfix) with ESMTP id F2DFD9400D4
for <test@schachenhofer.net>; Wed, 8 Feb 2017 12:58:15 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at mail.lauf-forum.at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5.5
tests=[BAYES_00=-1.9, FSL_HELO_NON_FQDN_1=0.001,
RP_MATCHES_RCVD=-0.001, TVD_SPACE_RATIO=0.001]
autolearn=ham autolearn_force=no
Received: from mail.lauf-forum.at ([127.0.0.1])
by localhost (lauf-forum.at [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id hfanGmHu19De for <test@schachenhofer.net>;
Wed, 8 Feb 2017 12:58:11 +0100 (CET)
Received: from krasses-pferd6 (mail.lauf-forum.at [IPv6:2a01:4f8:190:1261::2])
by mail.lauf-forum.at (Postfix) with SMTP id A30749400D2
for <test@schachenhofer.net>; Wed, 8 Feb 2017 12:58:09 +0100 (CET)
Received: from 212-186-35-163.cable.dynamic.surfer.at
(212-186-35-163.cable.dynamic.surfer.at [212.186.35.163]) by
webmail.lauf-forum.at (Horde Framework) with HTTPS; Wed, 08 Feb 2017
11:58:09 +0000
Date: Wed, 08 Feb 2017 11:58:09 +0000
Message-ID:
<20170208115809.Horde.QUNfXYjX4Tiyra3utrVp8f0@webmail.lauf-forum.at>
From: test@lauf-forum.at
To: test@schachenhofer.net
Subject: Test1234567890
User-Agent: Horde Application Framework 5
Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes
MIME-Version: 1.0
Content-Disposition: inline
Thank you again for your quick help.
best regards
Christian
Zitat von "Edda [via SpamAssassin]"
<ml-node+s1065346n123922h48@n5.nabble.com>:
> Am 08.02.17 um 12:01 schrieb info@lauf-forum.at:
>
> [...]
> >
> > What is the difference between the two mail headers? I don't see one.
> > The only difference I can see ist, that the nonspam mail has only the
> > IP of the sender in the header and the spam mail has also the reverse
> > DNS entry of the IP in the header.
> The key difference is the transfer method: HTTP vs. HTTPS
>
> I tested it with spamassassin 3.4.0. With your original header,
> spamassassin parses the webmail client ip as untrusted:
>
> Feb 8 12:32:46.189 [2306] dbg: received-header: parsed as [
> ip=212.186.35.163 rdns=212-186-35-163.cable.dynamic.surfer.at
> helo=212-186-35-163.cable.dynamic.surfer.at by=webmail.lauf-forum.at
> ident= envfrom= intl=0 id= auth= msa=0 ]
> Feb 8 12:32:46.189 [2306] dbg: received-header: do not trust any hosts
> from here on
> Feb 8 12:32:46.189 [2306] dbg: received-header: relay 212.186.35.163
> trusted? no internal? no msa? no
>
> If I change only HTTPS to HTTP in the first received header, thus:
>
> Received: from 212-186-35-163.cable.dynamic.surfer.at
> (212-186-35-163.cable.dynamic.surfer.at [212.186.35.163]) by
> webmail.lauf-forum.at (Horde Framework) with HTTP; Tue, 07 Feb 2017
> 21:57:06 +0000
>
> spamassassin gets it (see the auth=HTTP):
>
> Feb 8 12:56:16.627 [2735] dbg: received-header: parsed as [
> ip=212.186.35.163 rdns=212-186-35-163.cable.dynamic.surfer.at
> helo=212-186-35-163.cable.dynamic.surfer.at by=webmail.lauf-forum.at
> ident= envfrom= intl=0 id= auth=HTTP msa=0 ]
> Feb 8 12:56:16.627 [2735] dbg: received-header: authentication method HTTP
> Feb 8 12:56:16.627 [2735] dbg: received-header: relay 212.186.35.163
> trusted? yes internal? yes msa? no
>
> With the correct parsing spamassassin identifies the relay correctly as
> trusted (ALL_TRUSTED fires for this mail) and therefore doesn't use
> 212.186.35.163 for IP checks.
>
> It's a parsing error in spamassassin. I don't know wether it's fixed in
> 3.4.1.
>
>
> Best regards,
> Edda
>
>
>
>
>
>
> _______________________________________________
> If you reply to this email, your message will be added to the
> discussion below:
> http://spamassassin.1065346.n5.nabble.com/Problem-with-Horde-IMP-ans-Spamassassin-tp123915p123922.html
>
> To unsubscribe from Problem with Horde IMP ans Spamassassin, visit
> http://spamassassin.1065346.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=123915&code=aW5mb0BsYXVmLWZvcnVtLmF0fDEyMzkxNXw2NTAzMjA5MzU=
>
--
View this message in context: \
http://spamassassin.1065346.n5.nabble.com/Problem-with-Horde-IMP-ans-Spamassassin-tp123915p123926.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
[Attachment #3 (text/html)]
<br/>Thank you very much!
<br/><br/>I found some information about this problem. But I thought, this is a \
<br/>different problem because I thought that I have "HTTP" in both \
mails. <br/>This is wrong. I actually have HTTP in one mail and HTTPS in the \
other <br/>one. I completely overlooked this.
<br/><br/>I solved the problem by changing the Horde config.
<br/><br/>till now I used:
<br/>$conf['mailer']['params']['sendmail_path'] = '/usr/lib/sendmail';
<br/>$conf['mailer']['params']['sendmail_args'] = '-oi';
<br/><br/>and now:
<br/>$conf['mailer']['params']['host'] = 'localhost';
<br/>$conf['mailer']['params']['port'] = 465;
<br/>$conf['mailer']['params']['secure'] = 'ssl';
<br/>$conf['mailer']['params']['username_auth'] = true;
<br/>$conf['mailer']['params']['password_auth'] = true;
<br/>$conf['mailer']['params']['auth'] = true;
<br/>$conf['mailer']['params']['lmtp'] = false;
<br/>$conf['mailer']['type'] = 'smtp';
<br/><br/>This doesn't fix the Spamassassin problem, but it works now:
<br/><br/><br/>Return-Path: <<a \
href="/user/SendEmail.jtp?type=node&node=123926&i=0" target="_top" rel="nofollow" \
link="external">[hidden email]</a>> <br/>Delivered-To: <a \
href="/user/SendEmail.jtp?type=node&node=123926&i=1" target="_top" rel="nofollow" \
link="external">[hidden email]</a> <br/>Received: from localhost (localhost \
[127.0.0.1]) <br/> by mail.lauf-forum.at (Postfix) \
with ESMTP id F2DFD9400D4 <br/> for <<a \
href="/user/SendEmail.jtp?type=node&node=123926&i=2" target="_top" rel="nofollow" \
link="external">[hidden email]</a>>; Wed, 8 Feb 2017 12:58:15 +0100 (CET) \
<br/>X-Virus-Scanned: Debian amavisd-new at mail.lauf-forum.at <br/>X-Spam-Flag: NO
<br/>X-Spam-Score: -1.899
<br/>X-Spam-Level:
<br/>X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5.5
<br/> tests=[BAYES_00=-1.9, \
FSL_HELO_NON_FQDN_1=0.001, <br/> \
RP_MATCHES_RCVD=-0.001, TVD_SPACE_RATIO=0.001] <br/> \
autolearn=ham autolearn_force=no <br/>Received: from mail.lauf-forum.at \
([127.0.0.1]) <br/> by localhost (lauf-forum.at \
[127.0.0.1]) (amavisd-new, port 10024) <br/> with \
ESMTP id hfanGmHu19De for <<a href="/user/SendEmail.jtp?type=node&node=123926&i=3" \
target="_top" rel="nofollow" link="external">[hidden email]</a>>; <br/> \
Wed, 8 Feb 2017 12:58:11 +0100 (CET) <br/>Received: \
from krasses-pferd6 (mail.lauf-forum.at [IPv6:2a01:4f8:190:1261::2]) <br/> \
by mail.lauf-forum.at (Postfix) with SMTP id A30749400D2 \
<br/> for <<a \
href="/user/SendEmail.jtp?type=node&node=123926&i=4" target="_top" rel="nofollow" \
link="external">[hidden email]</a>>; Wed, 8 Feb 2017 12:58:09 +0100 (CET) \
<br/>Received: from 212-186-35-163.cable.dynamic.surfer.at <br/> \
(212-186-35-163.cable.dynamic.surfer.at [212.186.35.163]) by <br/> \
webmail.lauf-forum.at (Horde Framework) with HTTPS; Wed, 08 Feb 2017 \
<br/> 11:58:09 +0000 <br/>Date: Wed, 08 Feb 2017 11:58:09 +0000
<br/>Message-ID:
<br/><<a href="/user/SendEmail.jtp?type=node&node=123926&i=5" target="_top" \
rel="nofollow" link="external">[hidden email]</a>> <br/>From: <a \
href="/user/SendEmail.jtp?type=node&node=123926&i=6" target="_top" rel="nofollow" \
link="external">[hidden email]</a> <br/>To: <a \
href="/user/SendEmail.jtp?type=node&node=123926&i=7" target="_top" rel="nofollow" \
link="external">[hidden email]</a> <br/>Subject: Test1234567890
<br/>User-Agent: Horde Application Framework 5
<br/>Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes
<br/>MIME-Version: 1.0
<br/>Content-Disposition: inline
<br/><br/><br/>Thank you again for your quick help.
<br/><br/>best regards
<br/>Christian
<br/><br/><br/><br/>Zitat von "Edda [via SpamAssassin]"
<br/><<a href="/user/SendEmail.jtp?type=node&node=123926&i=8" target="_top" \
rel="nofollow" link="external">[hidden email]</a>>: <br/><div \
class='shrinkable-quote'><br/>> Am 08.02.17 um 12:01 schrieb <a \
href="/user/SendEmail.jtp?type=node&node=123926&i=9" target="_top" rel="nofollow" \
link="external">[hidden email]</a>: <br/>>
<br/>> [...]
<br/>>>
<br/>>> What is the difference between the two mail headers? I don't see one.
<br/>>> The only difference I can see ist, that the nonspam mail has only the
<br/>>> IP of the sender in the header and the spam mail has also the reverse
<br/>>> DNS entry of the IP in the header.
<br/>> The key difference is the transfer method: HTTP vs. HTTPS
<br/>>
<br/>> I tested it with spamassassin 3.4.0. With your original header,
<br/>> spamassassin parses the webmail client ip as untrusted:
<br/>>
<br/>> Feb 8 12:32:46.189 [2306] dbg: received-header: parsed as [
<br/>> ip=212.186.35.163 rdns=212-186-35-163.cable.dynamic.surfer.at
<br/>> helo=212-186-35-163.cable.dynamic.surfer.at by=webmail.lauf-forum.at
<br/>> ident= envfrom= intl=0 id= auth= msa=0 ]
<br/>> Feb 8 12:32:46.189 [2306] dbg: received-header: do not trust any \
hosts <br/>> from here on
<br/>> Feb 8 12:32:46.189 [2306] dbg: received-header: relay 212.186.35.163
<br/>> trusted? no internal? no msa? no
<br/>>
<br/>> If I change only HTTPS to HTTP in the first received header, thus:
<br/>>
<br/>> Received: from 212-186-35-163.cable.dynamic.surfer.at
<br/>> (212-186-35-163.cable.dynamic.surfer.at [212.186.35.163]) by
<br/>> webmail.lauf-forum.at (Horde Framework) with HTTP; Tue, 07 Feb 2017
<br/>> 21:57:06 +0000
<br/>>
<br/>> spamassassin gets it (see the auth=HTTP):
<br/>>
<br/>> Feb 8 12:56:16.627 [2735] dbg: received-header: parsed as [
<br/>> ip=212.186.35.163 rdns=212-186-35-163.cable.dynamic.surfer.at
<br/>> helo=212-186-35-163.cable.dynamic.surfer.at by=webmail.lauf-forum.at
<br/>> ident= envfrom= intl=0 id= auth=HTTP msa=0 ]
<br/>> Feb 8 12:56:16.627 [2735] dbg: received-header: authentication method HTTP
<br/>> Feb 8 12:56:16.627 [2735] dbg: received-header: relay 212.186.35.163
<br/>> trusted? yes internal? yes msa? no
<br/>>
<br/>> With the correct parsing spamassassin identifies the relay correctly as
<br/>> trusted (ALL_TRUSTED fires for this mail) and therefore doesn't use
<br/>> 212.186.35.163 for IP checks.
<br/>>
<br/>> It's a parsing error in spamassassin. I don't know wether it's fixed in
<br/>> 3.4.1.
<br/>>
<br/>>
<br/>> Best regards,
<br/>> Edda
<br/>>
<br/>>
<br/>>
<br/>>
<br/>>
<br/>>
<br/>> _______________________________________________
<br/>> If you reply to this email, your message will be added to the
<br/>> discussion below:
<br/>> <a href="http://spamassassin.1065346.n5.nabble.com/Problem-with-Horde-IMP-ans-Spamassassin-tp123915p123922.html" \
target="_top" rel="nofollow" \
link="external">http://spamassassin.1065346.n5.nabble.com/Problem-with-Horde-IMP-ans-Spamassassin-tp123915p123922.html</a><br/>>
<br/>> To unsubscribe from Problem with Horde IMP ans Spamassassin, visit
<br/>> <a href="" target="_top" rel="nofollow" link="external">
<br/><hr align="left" width="300" />
View this message in context: <a \
href="http://spamassassin.1065346.n5.nabble.com/Problem-with-Horde-IMP-ans-Spamassassin-tp123915p123926.html">Re: \
Problem with Horde IMP ans Spamassassin</a><br/> Sent from the <a \
href="http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html">SpamAssassin \
- Users mailing list archive</a> at Nabble.com.<br/>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic