Pound mailing list emails considered spam with spamassassin / Chris Morrow <cmorrow@verrus.com>

Hello all,

I am curious if anyone else's mail server is identifying the Pound mailing list
emails as spam? There are two issues (one major) which is leading to this
problem. If they can be resolved it would make a huge improvement. In the
meantime, I have white listed the domain.
 
Thanks,
Chris


1) RCVD_ILLEGAL_IP=3.196

Problem: In header we have "Received" line with invalid IP address Received:
from mail.apsis.ch (localhost [127.0.0.1])	by mail.apsis.ch. Please see this
link for more details: http://wiki.apache.org/spamassassin/Rules/RCVD_ILLEGAL_IP

Fix: Fix local DNS resolution so your internet routable IP is resolved instead
of localhost


2) RDNS_DYNAMIC=1

Problem: Mail arrived from the host with dynamical IP address Received: from
mail.apsis.ch (zux173-044.adsl.green.ch [80.254.173.44])

Fix: Acquire a static IP from your ISP.

Three example headers from a recent Pound mailing list email...

###################################
Example 1 headers:

X-Relayed-From: 80.254.173.44
X-Relayed-From-Added: Yes
X-Virus-Scanned: by amavisd-new at exmf021-ca-4.serverdata.net
X-Spam-Flag: YES
X-Spam-Score: 5.686
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.686 tagged_above=-999 required=5
	tests=[BOTNET_BADHELO=0.2, BOTNET_CLIENT=0.8, BOTNET_CLIENTWORDS=0.2,
	BOTNET_IPINHOSTNAME=0.2, BOTNET_SOHO=-0.01, CTASD_SPAM_UNKNOWN=-0.5,
	IMEDIA_FROM_NE_REPLYTO=0.3, IMEDIA_FROM_NE_RETPATH=0.3,
	RCVD_ILLEGAL_IP=3.196, RDNS_DYNAMIC=1]
X-Spam-CTCH-RefID: str=0001.0A090206.4B8CFDD6.008B:SCFSTAT9695306,ss=1,fgs=0
Received: from exmf021-ca-4.serverdata.net ([127.0.0.1])	by localhost
 (exmf021-ca-4.serverdata.net [127.0.0.1]) (amavisd-new, port 10024)	with
 ESMTP id vTFDMco-vYPn for <cmorrow(at)verrus.com>;	Tue,  2 Mar 2010
04:00:21
 -0800 (PST)
Received: from mail.apsis.ch (zux173-044.adsl.green.ch [80.254.173.44])	by
 exmf021-ca-4.serverdata.net (Postfix) with ESMTP id CAEAD97	for
 <cmorrow(at)verrus.com>; Tue,  2 Mar 2010 04:00:20 -0800 (PST)
Received: from mail.apsis.ch (localhost [127.0.0.1])	by mail.apsis.ch
 (Postfix) with ESMTP id D4DBED1B13;	Tue,  2 Mar 2010 12:55:08 +0100 (CET)
Received: from mail.apsis.ch (mail.apsis.ch [127.0.1.1])	by mail.apsis.ch
 (Postfix) with ESMTP id 356FDD1AF9;	Tue,  2 Mar 2010 12:53:10 +0100 (CET)
X-Original-To: pound(at)apsis.ch
Delivered-To: pound(at)apsis.ch
Received: from mail.apsis.ch (localhost [127.0.0.1])	by mail.apsis.ch
 (Postfix) with ESMTP id CCCBFD1B06	for <pound(at)apsis.ch>; Tue,  2 Mar
2010
 12:51:29 +0100 (CET)
Received: from mail-wy0-f177.google.com (mail-wy0-f177.google.com
 [74.125.82.177])	by mail.apsis.ch (Postfix) with ESMTP id A5C9BD1AF9	for
 <pound(at)apsis.ch>; Tue,  2 Mar 2010 12:51:28 +0100 (CET)
Received: by wyf23 with SMTP id 23so74860wyf.8        for
<pound(at)apsis.ch>;
 Tue, 02 Mar 2010 03:51:28 -0800 (PST)
Received: by 10.216.86.139 with SMTP id w11mr3863800wee.10.1267530688372;
        Tue, 02 Mar 2010 03:51:28 -0800 (PST)
Received: from ?192.168.1.60? (82-70-93-22.dsl.in-addr.zen.co.uk
 [82.70.93.22])        by mx.google.com with ESMTPS id
 g11sm14203216gve.23.2010.03.02.03.51.26        (version=TLSv1/SSLv3
 cipher=RC4-MD5);        Tue, 02 Mar 2010 03:51:27 -0800 (PST)
Date: Tue, 2 Mar 2010 11:51:48 +0000
From: Keith <keith(at)scott-land.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.7)
Gecko/20100111 Lightning/1.0b1 Thunderbird/3.0.1
MIME-Version: 1.0
To: <pound(at)apsis.ch>
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV using ClamSMTP
List-id: Pound Mailing List
List-post: <mailto:pound(at)apsis.ch>
Precedence: Bulk
Errors-to: pound-bounce(at)apsis.ch
List-Subscribe: <mailto:pound(at)apsis.ch?subject=subscribe>
List-Unsubscribe: <mailto:pound(at)apsis.ch?subject=unsubscribe>
Reply-To: <pound(at)apsis.ch>
Message-ID: <MailBoxer.1469.1267530690.42.pound(at)apsis.ch>
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
X-mailer: MailBoxer
Subject: [Pound Mailing List] Clarify procedure for multiple host headers in
pound.conf
X-Virus-Scanned: ClamAV using ClamSMTP
Return-Path: pound-bounce(at)apsis.ch
X-MS-Exchange-Organization-AuthSource: HUB021-CA-3.exch021.domain.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-SCL: 9

###################################

Example 2 headers:

X-Relayed-From: 80.254.173.44
X-Relayed-From-Added: Yes
X-Virus-Scanned: by amavisd-new at exmf021-ca-2.serverdata.net
X-Spam-Flag: YES
X-Spam-Score: 5.686
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.686 tagged_above=-999 required=5
	tests=[BOTNET_BADHELO=0.2, BOTNET_CLIENT=0.8, BOTNET_CLIENTWORDS=0.2,
	BOTNET_IPINHOSTNAME=0.2, BOTNET_SOHO=-0.01, CTASD_SPAM_UNKNOWN=-0.5,
	IMEDIA_FROM_NE_REPLYTO=0.3, IMEDIA_FROM_NE_RETPATH=0.3,
	RCVD_ILLEGAL_IP=3.196, RDNS_DYNAMIC=1]
X-Spam-CTCH-RefID: str=0001.0A090201.4B8DA6EA.01F6:SCFSTAT9695306,ss=1,fgs=0
Received: from exmf021-ca-2.serverdata.net ([127.0.0.1])	by localhost
 (exmf021-ca-2.serverdata.net [127.0.0.1]) (amavisd-new, port 10024)	with
 ESMTP id 5dyTAaqTz+wp for <cmorrow(at)verrus.com>;	Tue,  2 Mar 2010
16:01:45
 -0800 (PST)
Received: from mail.apsis.ch (zux173-044.adsl.green.ch [80.254.173.44])	by
 exmf021-ca-2.serverdata.net (Postfix) with ESMTP id 440C3B8	for
 <cmorrow(at)verrus.com>; Tue,  2 Mar 2010 16:01:45 -0800 (PST)
Received: from mail.apsis.ch (localhost [127.0.0.1])	by mail.apsis.ch
 (Postfix) with ESMTP id 7466DD1B11;	Wed,  3 Mar 2010 00:57:55 +0100 (CET)
Received: from mail.apsis.ch (mail.apsis.ch [127.0.1.1])	by mail.apsis.ch
 (Postfix) with ESMTP id 77CF3D1B01;	Wed,  3 Mar 2010 00:56:07 +0100 (CET)
X-Original-To: pound(at)apsis.ch
Delivered-To: pound(at)apsis.ch
Received: from mail.apsis.ch (localhost [127.0.0.1])	by mail.apsis.ch
 (Postfix) with ESMTP id 26C8DD1B06	for <pound(at)apsis.ch>; Wed,  3 Mar
2010
 00:54:10 +0100 (CET)
Received: from web84105.mail.mud.yahoo.com (web84105.mail.mud.yahoo.com
 [68.142.206.192])	by mail.apsis.ch (Postfix) with SMTP id 8377ED1B01	for
 <pound(at)apsis.ch>; Wed,  3 Mar 2010 00:54:08 +0100 (CET)
Received: (qmail 88119 invoked by uid 60001); 2 Mar 2010 23:54:07 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024;
t=1267574047; bh=SuyammjM7NhUt5SwjwIWcvr77a6ynDbpTI6VIURhUxI=;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type;
b=iCEJGnMAsepKR/mIGL7o48+NeFtoeVue6sY9RsatAFb859p2jpOcYiYpAq6iL3TKz9/8QBE2IzCKEGCMgdLV7SCjdn/TztWZB1zM8v+2nmRGnfDqhph00miKvM8fdw0lhewpfa1nHdo2cG/z1ekxMMCnW9WOgSssRbv/bw49Y64=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
 
h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type;
 
b=qeOvTumxQ0iBKAu+l1JMkxYTqQAiJof8RpkXXy+dfX+ZCjwHnGQDI41pjKKQI+cM0WI2+viFdILJGv/0hnnzok3NAW5ewRt64aNnnlBZ+EFbxAXouS/dmvycgoFT67nuK4IqdLjSxWELCaoBJeja4EqSxdVZVqtRmtkmdNIgEvY=;
X-YMail-OSG:
W5xcmbkVM1lmMAOAmvXFtHsdRUeB392r5WnJKRFWaOolLIzTWY9HAtsdDCKd1M_JTbXkpLQBZFWACKpyfcXcSz6wHLX4Z_BOS.AF0bCNbpJDZ.Cg7bni34iFzWi0FF1ffnMA9xc1xNqKUC4r6W_xSHoLRY1nk7H6p5OnVra3.e1VtnJj5gxd1WHxM3vxI8vY_Bqx6rvjMmDpiEJLh8UMj8zfgh3pRiI3YEoTQwNTgM1Urq7muwVCWoS7e7f.1ukMKYap9CQ8DM4aYz.ydzpNIvuizWC69tMwe1AdTTVkT8a9Gmvkixw_wrCzNEmJocQ40UdRlIC7
Received: from [71.96.73.8] by web84105.mail.mud.yahoo.com via HTTP; Tue, 02
 Mar 2010 15:54:07 PST
References: <20100302213843.8FE2ED1B06(at)mail.apsis.ch>
<MailBoxer.1472.1267570878.8.pound(at)apsis.ch>
<MailBoxer.1473.1267572435.12.pound(at)apsis.ch>
Date: Tue, 2 Mar 2010 15:54:07 -0800
From: Madhan Kanagavel <madhan(at)yahoo.com>
To: <pound(at)apsis.ch>
In-Reply-To: <MailBoxer.1473.1267572435.12.pound(at)apsis.ch>
MIME-Version: 1.0
X-Virus-Scanned: ClamAV using ClamSMTP
List-id: Pound Mailing List
List-post: <mailto:pound(at)apsis.ch>
Precedence: Bulk
Errors-to: pound-bounce(at)apsis.ch
List-Subscribe: <mailto:pound(at)apsis.ch?subject=subscribe>
List-Unsubscribe: <mailto:pound(at)apsis.ch?subject=unsubscribe>
Reply-To: <pound(at)apsis.ch>
Message-ID: <MailBoxer.1474.1267574054.62.pound(at)apsis.ch>
Content-Type: text/plain; charset="us-ascii"
X-mailer: MailBoxer
Subject: Re: [Pound Mailing List] Strange Issue with other HTTP methods
X-Virus-Scanned: ClamAV using ClamSMTP
Return-Path: pound-bounce(at)apsis.ch
X-MS-Exchange-Organization-AuthSource: HUB021-CA-2.exch021.domain.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-SCL: 9

###################################

Example 3 headers:

X-Relayed-From: 80.254.173.44
X-Relayed-From-Added: Yes
X-Virus-Scanned: by amavisd-new at exmf021-ca-2.serverdata.net
X-Spam-Flag: YES
X-Spam-Score: 5.686
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.686 tagged_above=-999 required=5
	tests=[BOTNET_BADHELO=0.2, BOTNET_CLIENT=0.8, BOTNET_CLIENTWORDS=0.2,
	BOTNET_IPINHOSTNAME=0.2, BOTNET_SOHO=-0.01, CTASD_SPAM_UNKNOWN=-0.5,
	IMEDIA_FROM_NE_REPLYTO=0.3, IMEDIA_FROM_NE_RETPATH=0.3,
	RCVD_ILLEGAL_IP=3.196, RDNS_DYNAMIC=1]
X-Spam-CTCH-RefID: str=0001.0A090207.4B6819EA.0023:SCFSTAT9695306,ss=1,fgs=0
Received: from exmf021-ca-2.serverdata.net ([127.0.0.1])	by localhost
 (exmf021-ca-2.serverdata.net [127.0.0.1]) (amavisd-new, port 10024)	with
 ESMTP id 8jgrqs4lApqL for <cmorrow(at)verrus.com>;	Tue,  2 Feb 2010
04:26:13
 -0800 (PST)
Received: from mail.apsis.ch (zux173-044.adsl.green.ch [80.254.173.44])	by
 exmf021-ca-2.serverdata.net (Postfix) with ESMTP id 76CDD80	for
 <cmorrow(at)verrus.com>; Tue,  2 Feb 2010 04:26:13 -0800 (PST)
Received: from mail.apsis.ch (localhost [127.0.0.1])	by mail.apsis.ch
 (Postfix) with ESMTP id EC66BD1B0B;	Tue,  2 Feb 2010 13:20:57 +0100 (CET)
Received: from mail.apsis.ch (mail.apsis.ch [127.0.1.1])	by mail.apsis.ch
 (Postfix) with ESMTP id 66C13D19C8;	Tue,  2 Feb 2010 13:19:31 +0100 (CET)
X-Original-To: pound(at)apsis.ch
Delivered-To: pound(at)apsis.ch
Received: from mail.apsis.ch (localhost [127.0.0.1])	by mail.apsis.ch
 (Postfix) with ESMTP id 625F7D1AFA	for <pound(at)apsis.ch>; Tue,  2 Feb
2010
 13:19:12 +0100 (CET)
Received: from [192.168.1.102] (unknown [192.168.1.102])	by mail.apsis.ch
 (Postfix) with ESMTP id 3F392D19C8	for <pound(at)apsis.ch>; Tue,  2 Feb
2010
 13:19:12 +0100 (CET)
From: Robert Segall <roseg(at)apsis.ch>
To: <pound(at)apsis.ch>
In-Reply-To: <MailBoxer.1424.1264685894.03.pound(at)apsis.ch>
References: <MailBoxer.1424.1264685894.03.pound(at)apsis.ch>
Organization: Apsis GmbH
Date: Tue, 2 Feb 2010 13:19:11 +0100
MIME-Version: 1.0
X-Virus-Scanned: ClamAV using ClamSMTP
List-id: Pound Mailing List
List-post: <mailto:pound(at)apsis.ch>
Precedence: Bulk
Errors-to: pound-bounce(at)apsis.ch
List-Subscribe: <mailto:pound(at)apsis.ch?subject=subscribe>
List-Unsubscribe: <mailto:pound(at)apsis.ch?subject=unsubscribe>
Reply-To: <pound(at)apsis.ch>
Message-ID: <MailBoxer.1430.1265113152.98.pound(at)apsis.ch>
Content-Type: text/plain; charset="utf-8"
X-mailer: MailBoxer
Subject: Re: [Pound Mailing List] patch for telling users about https
X-Virus-Scanned: ClamAV using ClamSMTP
Content-Transfer-Encoding: quoted-printable
Return-Path: pound-bounce(at)apsis.ch
X-MS-Exchange-Organization-AuthSource: HUB021-CA-3.exch021.domain.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-SCL: 9

Re: [Pound Mailing List] Pound mailing list emails considered spam with spamassassin
"Simon Matter" <simon.matter(at)invoca.ch>

2010-03-03 23:26:31

[ FULL ]

> Hello all,[...]

With Spamassassin 3.3.0 I get 1.5 points and I also see RCVD_IN_RP_RNBL
and RDNS_DYNAMIC. However, with 1.5 points it's not considered spam.
[...]

I'm not sure what exactly SA finds here but I guess it's this one:
Received: from mail.apsis.ch (mail.apsis.ch [127.0.1.1])
     by mail.apsis.ch (Postfix) with ESMTP id 972E5D1AF9;
     Wed, 3 Mar 2010 20:57:55 +0100 (CET)

127.0.1.1 seems to resolve to mail.apsis.ch which looks a bit "interesting".

All other "received by localhost" headers look quite normal to me,
resulting from servers listening on loopback for filters and such.
[...]

Hm, the only thing to fix here is Spamassassin. SA just guesses and it
does it wrong.

Regards,
Simon
[...]