SA Bugzilla – Bug 5926
disable RDNS_NONE rule for IBM Lotus Domino
Last modified: 2008-07-11 03:08:58 UTC
Created attachment 4338
full message that triggered the RDNS_NONE rule

I received a message that got a false positive on the RDNS_NONE rule. Here is the header in question.

Received: from e33.co.us.ibm.com ([32.97.110.151])
          by ax7.axolotl.com (Lotus Domino Release 7.0.3)
          with ESMTP id 2008061811175473-72054 ;
          Wed, 18 Jun 2008 11:17:54 -0700

Here are the relevant lines from the debugging output.

[5504] dbg: rules: ran header rule __RDNS_NONE ======> got hit: "[ ip=32.97.110.151 rdns= "
[5504] dbg: check: tests=BAYES_20,RDNS_NONE,UNRESOLVED_TEMPLATE
[5504] dbg: check: subtests=__CT,__CT_TEXT_PLAIN,__DOS_HAS_ANY_URI,__DOS_RCVD_WED,__DOS_RELAYED_EXT,__HAS_ANY_EMAIL,__HAS_ANY_URI,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__LAST_UNTRUSTED_RELAY_NO_AUTH,__MANY_RECIPS,__MIME_VERSION,__MISSING_REF,__MSGID_OK_HOST,__NAKED_TO,__NONEMPTY_BODY,__RDNS_NONE,__SANE_MSGID,__SARE_PHONE_NUM,__SARE_URI_ANY,__SARE_WHITELIST_FLAG,__TOCC_EXISTS,__TVD_BODY,__TVD_MIME_ATT_TP

There is an rDNS entry for the IP address.

C:\>nslookup 32.97.110.151
Server:  sjcdc1.axolotl.com
Address:  10.1.8.205

Name:    e33.co.us.ibm.com
Address:  32.97.110.151
I believe that what's going on is that the server at ax7.axolotl.com is not properly putting the rdns information in the Received header. The __RDNS_NONE rule parses the Received header, and does not do a rdns lookup itself.

Compare this header

Received: from e33.co.us.ibm.com ([32.97.110.151])
          by ax7.axolotl.com (Lotus Domino Release 7.0.3)

with this one:

Received: from d03relay04.boulder.ibm.com (d03relay04.boulder.ibm.com [9.17.195.106])
          by e33.co.us.ibm.com (8.13.8/8.13.8) with ESMTP id m5IIHrwJ004657

The server that created the second Received header placed the rdns information inside the parentheses, before the ip address.

Note that if you fix the 32.97.110.151 Received header, the RDNS_NONE rule is still triggered by

Received: from ax7.axolotl.com ([63.241.71.50])
          by AX1.axolotl.com (Lotus Domino Release 7.0.3)

because ax1.axolotl.com has the same problem. SpamAssassin seems to stop checking for RDNS_NONE after the first one that it notices.

I think that this bug can be closed as WORKSFORME and you need to look at the server configuration at axolotl.com, but I'm a bit outside my area of expertise so I will leave this open to give someone a chance to jump in to tell me if I've made a mistake in my analysis.
(In reply to comment #1)
> I think that this bug can be closed as WORKSFORME and you need to look at the
> server configuration at axolotl.com, but I'm a bit outside my area of expertise
> so I will leave this open to give someone a chance to jump in to tell me if
> I've made a mistake in my analysis.

If it's possible to turn on rDNS lookups in the MTA configuration on ax7.axolotl.com, then yes, I agree with Sidney. (if you can't do that for some administrative reason, then "score RDNS_NONE 0" would be appropriate.)

if however it's a builtin limitation of Domino r7.0.3 that it cannot perform rDNS lookups, then we could consider adding an exception from RDNS_NONE for that MTA...
Sorry, I misunderstood the RDNS_NONE rule and thought that SpamAssassin would do the lookup itself rather than just parsing the Received header. As far as I can tell IBM Lotus Domino 7.0.3 will not automatically insert rDNS information into a Received header, so perhaps it would be best to add that as a special case to the RDNS_NONE rule. Is there any formal documentation on how rDNS information is supposed to be included in a Received header? I think the general requirement is covered by RFC 2505, but it doesn't specify a particular format. If Domino isn't doing what it's supposed to then I would like to open a formal support incident with IBM, but I need to tell them exactly what it should be doing.
(In reply to comment #3)
> Sorry, I misunderstood the RDNS_NONE rule and thought that SpamAssassin would
> do the lookup itself rather than just parsing the Received header. As far as I
> can tell IBM Lotus Domino 7.0.3 will not automatically insert rDNS information
> into a Received header, so perhaps it would be best to add that as a special
> case to the RDNS_NONE rule.

ok. can you provide more samples of Domino 7.0.3 Received: line formats?

> Is there any formal documentation on how rDNS information is supposed to be
> included in a Received header? I think the general requirement is covered by
> RFC 2505, but it doesn't specify a particular format. If Domino isn't doing
> what it's supposed to then I would like to open a formal support incident with
> IBM, but I need to tell them exactly what it should be doing.

http://wiki.apache.org/spamassassin/EnvelopeSenderInReceived is the nearest thing we have to a documented, recommended Received: header format. it matches what is the nearest thing to a de-facto standard.

thanks!
(In reply to comment #4)
> ok. can you provide more samples of Domino 7.0.3 Received: line formats?

Here are a few examples of Received headers extracted from recent messages. In these examples, both ax1.axolotl.com and ax7.axolotl.com are running Domino 7.0.3.

Example 1:

Received: from ax7.axolotl.com ([63.241.71.50])
          by AX1.axolotl.com (Lotus Domino Release 7.0.3)
          with ESMTP id 2008062321122608-167990 ;
          Mon, 23 Jun 2008 21:12:26 -0700
Received: from an-out-0910.google.com ([209.85.132.191])
          by ax7.axolotl.com (Lotus Domino Release 7.0.3)
          with ESMTP id 2008062321122538-95836 ;
          Mon, 23 Jun 2008 21:12:25 -0700
Received: by an-out-0910.google.com with SMTP id c25so65685154anc.4
          for <nradov@axolotl.com>; Mon, 23 Jun 2008 21:12:24 -0700 (PDT)

Example 2:

Received: from ax7.axolotl.com ([63.241.71.50])
          by AX1.axolotl.com (Lotus Domino Release 7.0.3)
          with ESMTP id 2008062409262788-172004 ;
          Tue, 24 Jun 2008 09:26:27 -0700
Received: from capricorn.notesdev.ibm.com ([205.159.212.202])
          by ax7.axolotl.com (Lotus Domino Release 7.0.3)
          with ESMTP id 2008062409262686-98056 ;
          Tue, 24 Jun 2008 09:26:26 -0700

Example 3:

Received: from ax7.axolotl.com ([63.241.71.50])
          by AX1.axolotl.com (Lotus Domino Release 7.0.3)
          with ESMTP id 2008062409150082-171923 ;
          Tue, 24 Jun 2008 09:15:00 -0700
Received: from www3.centraldesktop.com ([66.226.4.171])
          by ax7.axolotl.com (Lotus Domino Release 7.0.3)
          with ESMTP id 2008062409150032-98001 ;
          Tue, 24 Jun 2008 09:15:00 -0700
Received: from www3.centraldesktop.com (localhost.centraldesktop.com [127.0.0.1])
          (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
          (No client certificate requested)
          by www3.centraldesktop.com (Postfix) with ESMTPS id D64485C57
          for <nradov@axolotl.com>; Tue, 24 Jun 2008 09:14:59 -0700 (PDT)
Received: by www3.centraldesktop.com (Postfix, from userid 80)
          id 8B9B15C4F; Tue, 24 Jun 2008 09:14:59 -0700 (PDT)

Example 4:

Received: from ax7.axolotl.com ([63.241.71.50])
          by AX1.axolotl.com (Lotus Domino Release 7.0.3)
          with ESMTP id 2008062401551715-169306 ;
          Tue, 24 Jun 2008 01:55:17 -0700
Received: from brutus.apache.org ([140.211.11.140])
          by ax7.axolotl.com (Lotus Domino Release 7.0.3)
          with ESMTP id 2008062401551563-96558 ;
          Tue, 24 Jun 2008 01:55:15 -0700
Received: by brutus.apache.org (Postfix, from userid 33)
          id 572CD234C149; Tue, 24 Jun 2008 01:55:15 -0700 (PDT)

Hopefully that is enough information for you to update the rule. I can supply more examples if you like.
(In reply to comment #4)
> http://wiki.apache.org/spamassassin/EnvelopeSenderInReceived is the nearest
> thing we have to a documented, recommended Received: header format. it matches
> what is the nearest thing to a de-facto standard.
> thanks!

Is there really nothing more definitive than that page? It seems to address a somewhat different topic rather than directly covering rDNS. I don't think I can reasonably take it to IBM and ask for a fix.
(In reply to comment #6)
> Is there really nothing more definitive than that page? It seems to address a
> somewhat different topic rather than directly covering rDNS. I don't think I
> can reasonably take it to IBM and ask for a fix.

I'm afraid that seems to be it :(
updated the summary to better reflect the proposed change
lots more samples:
http://www.google.com/search?aq=f&hl=en&q="Received%3A+from"+"Lotus+Domino"+"From%3A"+"To%3A"+"Subject%3A"+"with+ESMTP+id"&btnG=Search

fix now in trunk:

: jm 207...; svn commit -m "bug 5926: disable RDNS_NONE for Lotus Domino, it never performs rDNS lookups"
Sending        lib/Mail/SpamAssassin/Message/Metadata/Received.pm
Sending        rules/20_dynrdns.cf
Adding         t.rules/RDNS_NONE
Adding         t.rules/RDNS_NONE/fp_bug5926_ex1
Adding         t.rules/RDNS_NONE/fp_bug5926_ex2
Adding         t.rules/RDNS_NONE/fp_bug5926_ex3
Adding         t.rules/RDNS_NONE/fp_bug5926_ex4
Transmitting file data ......
Committed revision 675902.
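
The behaviour discussed in this thread, as an added Python example (it is not SpamAssassin's code and not the change committed in revision 675902): the rDNS name is read from the Received header rather than looked up, and a header written by Lotus Domino is exempted because that MTA never records one. The names parse_received, rdns_none_hit and rdns_unknown, and the "ExampleMTA" header, are assumptions made for the illustration.

```python
import re

# Covers only the two "from ... by ..." shapes quoted in this thread; real
# Received parsing has to handle many more MTA formats (assumption of this sketch).
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)(?:\s+\((?P<mta>[^)]*)\))?"
)
DOMINO_RE = re.compile(r"^Lotus Domino Release\b")


def parse_received(value):
    """Return relay metadata for one Received header, or None if it names no peer."""
    m = RECEIVED_RE.search(value)
    if not m:
        return None  # e.g. "Received: by host (Postfix, from userid 33)"
    relay = m.groupdict()
    relay["rdns"] = relay["rdns"] or ""
    # Domino writes "from helo ([ip])" and never records a PTR name, so an empty
    # rdns field from it means "not looked up", not "no PTR record exists".
    relay["rdns_unknown"] = bool(relay["mta"] and DOMINO_RE.match(relay["mta"]))
    return relay


def rdns_none_hit(relay):
    """Hypothetical stand-in for the RDNS_NONE decision on one parsed relay."""
    return relay is not None and relay["rdns"] == "" and not relay["rdns_unknown"]


# "domino", "sendmail" and "local" are quoted from the thread; "other" is constructed.
SAMPLES = {
    "domino": "Received: from e33.co.us.ibm.com ([32.97.110.151]) by ax7.axolotl.com "
              "(Lotus Domino Release 7.0.3) with ESMTP id 2008061811175473-72054",
    "sendmail": "Received: from d03relay04.boulder.ibm.com (d03relay04.boulder.ibm.com "
                "[9.17.195.106]) by e33.co.us.ibm.com (8.13.8/8.13.8) with ESMTP id m5IIHrwJ004657",
    "other": "Received: from mail.example.net ([192.0.2.25]) by mx.example.org "
             "(ExampleMTA 1.0) with ESMTP id CONSTRUCTED1",
    "local": "Received: by brutus.apache.org (Postfix, from userid 33) id 572CD234C149",
}


def evaluate(samples=SAMPLES):
    """Map each sample name to whether the stand-in rule would fire on it."""
    return {name: rdns_none_hit(parse_received(h)) for name, h in samples.items()}


if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name:9s} RDNS_NONE={'hit' if hit else 'no hit'}")
```

Only the constructed non-Domino header with a bare bracketed IP still fires; the Domino header from the original report no longer does.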