From: Kurt H Maier <khm@sciops.net>
To: 9front@9front.org
Subject: Re: *****SPAM***** [9front] test
Date: Mon, 21 Sep 2020 18:04:33 -0700 [thread overview]
Message-ID: <20200922010433.GG43872@wopr> (raw)
In-Reply-To: <DB9CB61D16FAD42ABDE587820A830C83@a-b.xyz>
On Tue, Sep 22, 2020 at 12:32:38AM +0200, kvik@a-b.xyz wrote:
>
> What's confusing to me is how any of my systems, ten.a-b.xyz in
> particular, come into this picture -- they have no part in the mail
> business.
Some server, I don't know which, is identifying to some other server as
'a-b.xyz' and this is where the problem starts. I suspect but cannot
know that this may be migadu's service masquerading as your domain for
purposes of mail deliverability, but it might just be some server along
the chain setting a fucked-up header and subsequent systems getting mad
at that header.
Anyway, once Mystery Asshole identifies as a-b.xyz, the receiving
server, in this case vbsd.alarum.de, looks at the IP making this claim.
We don't know what IP that might be because we don't have access to
headers or logs. Regardless, it wants to check that the host sending
from this IP and claiming to be a-b.xyz is in fact a-b.xyz, so it does a
reverse DNS lookup on that address, which comes up empty.
SpamAssassin grumply assigns the message an RDNS_NONE label with a spam
weight of 1.3 and continues processing.
We cannot know from available data whether this SpamAssassin evaluation
is occurring during the SMTP handshake, or if that handshake is
happening and then headers are being set for SpamAssassin to get mad at.
If it's the latter, it's possible that something is munging those
headers before SpamAssassin gets its hands on the message.
However: even if it had looked up rDNS of an ACTUAL connection from a
machine that REALLY IS a-b.xyz, it still would have failed. a-b.xyz
resolves to 178.63.42.176. rDNS for that address is 'ten.a-b.xyz' --
which means even if everything else were on the level, this test would
still have failed (albeit with a different rule violation).
Generally speaking, a lot of these kinds of errors occur when someone
has put SpamAssassin too late in the incoming-mail processing pipeline,
which can cause it to process all kinds of headers that MDAs should care
about and SpamAssassin should not. For instance, if an MTA receives a
message, and hands it off to the MDA, and the MDA is configured to
bounce that mail to another MTA, you wind up with really weird headers
that occur twice or don't match up with other headers, sometimes leading
to RFC violations, which the secondary MTA runs through SpamAssassin,
marks as spam, then hands off to an MDA.
In other words, that SpamAssassin instance is misconfigured. Exactly
how is a fun detective puzzle where we have to extrapolate from absent
logs and headers.
khm
next prev parent reply other threads:[~2020-09-22 1:04 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-21 15:40 test kvik
2020-09-21 17:12 ` [9front] test Stanley Lieber
2020-09-21 17:16 ` hiro
2020-09-21 17:36 ` ori
2020-09-21 17:40 ` Stanley Lieber
2020-09-21 17:51 ` ori
2020-09-21 17:59 ` ori
2020-09-21 18:27 ` Kurt H Maier
2020-09-21 17:58 ` hiro
2020-09-21 18:42 ` Stanley Lieber
2020-09-21 21:40 ` hiro
2020-09-21 22:20 ` hiro
2020-09-22 12:57 ` Ethan Gardener
2020-09-22 13:12 ` hiro
2020-09-21 17:59 ` Lyndon Nerenberg
2020-09-21 17:54 ` *****SPAM***** " Stefan Hertenberger
2020-09-21 20:33 ` Kurt H Maier
2020-09-21 21:23 ` kvik
2020-09-21 21:36 ` Kurt H Maier
2020-09-21 21:42 ` kvik
2020-09-21 21:57 ` Kurt H Maier
2020-09-21 22:32 ` kvik
2020-09-22 1:04 ` Kurt H Maier [this message]
2020-09-21 22:16 ` hiro
2020-09-22 18:57 ` Stefan Hertenberger
2020-09-22 19:38 ` Kurt H Maier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200922010433.GG43872@wopr \
--to=khm@sciops.net \
--cc=9front@9front.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).