NO_DNS_FOR_FROM

Alan mailscanner at ELKNET.NET
Thu Oct 14 19:10:24 IST 2004


On Wed, 13 Oct 2004 16:37:35 -0400, Matt Kettler <mkettler at EVI-INC.COM> wrote:

>Hmm.. question for you.. Can you run a message through spamassassin -D?
>
>Specifically I'm looking for "cannot trust envelope-from" debug messages.
>
>After doing some digging, SA 3.0 only applies this test to "envelope" type
>headers... X-Sender,X-Envelope-From, Return-Path, Envelope-Sender.

Yep, I had just read the same thing regarding SA3. I had gone and read the
change log on that bugzilla entry when I read this:
"- changes NO_DNS_FOR_FROM to use envelope sender instead of From: header"

That tipped me off right away as to what might have happened.

I have run a spam through spamassassin manually that I know should have a
hit on NO_DNS_FOR_FROM. I think these are the relevant log entries you are
looking for: (just to explain my configuration, all incoming mail is
received by my smtp server named 'lyta.elknet.net' who has an external ip of
216.114.28.6. This smtp server in turn uses its internal interface
(64.83.161.4 known as lyta2.elknet.net) to hand off email to be scanned to
my MS server, bester.elknet.net with an ip of 64.83.161.26. So, once
reaching my network, the headers should show it received by lyta, then given
to bester by lyta2. Lyta, lyta2, and bester are all internal trusted servers
on my network.)

debug: received-header: parsed as [ ip=64.83.161.26 rdns=unverified
helo=bester.elknet.net by=mail.elknet.net ident= envfrom= intl=0
id=B0113994204 at mail.elknet.net ]
debug: dns_available set to yes in config file, skipping test
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.48
debug: looking up PTR record for '64.83.161.4'
debug: PTR for '64.83.161.4': 'lyta2.elknet.net'
debug: received-header: parsed as [ ip=64.83.161.4 rdns=lyta2.elknet.net
helo=lyta.elknet.net by=bester.elknet.net ident= envfrom= intl=0
id=1CHn5W-0008Iu-Dk ]
debug: received-header: parsed as [ ip=221.92.189.45 rdns=unverified
helo=YahooBB221092189045.bbtec.net by=lyta ident= envfrom= intl=0
id=B0015887826 at lyta ]
debug: IP is reserved, not looking up PTR: 240.192.228.234
debug: received-header: parsed as [ ip=240.192.228.234 rdns=
helo=%RECEIVED.poiuy.net by=221.92.189.45 ident= envfrom= intl=0 id= ]
debug: looking up A records for 'mail.elknet.net'
debug: A records for 'mail.elknet.net': 64.83.161.25
debug: received-header: 'from' 64.83.161.26 is near to first 'by'
debug: received-header: relay 64.83.161.26 trusted? yes internal? no
debug: received-header: 'from' 64.83.161.4 is near to first 'by'
debug: received-header: relay 64.83.161.4 trusted? yes internal? no
debug: looking up A records for 'lyta'
debug: A records for 'lyta':
debug: received-header: relay 221.92.189.45 trusted? no internal? no
debug: received-header: relay 240.192.228.234 trusted? no internal? no
debug: metadata: X-Spam-Relays-Trusted: [ ip=64.83.161.26 rdns=unverified
helo=bester.elknet.net by=mail.elknet.net ident= envfrom= intl=0
id=B0113994204 at mail.elknet.net ] [ ip=64.83.161.4 rdns=lyta2.elknet.net
helo=lyta.elknet.net by=bester.elknet.net ident= envfrom= intl=0
id=1CHn5W-0008Iu-Dk ]
debug: metadata: X-Spam-Relays-Untrusted: [ ip=221.92.189.45 rdns=unverified
helo=YahooBB221092189045.bbtec.net by=lyta ident= envfrom= intl=0
id=B0015887826 at lyta ] [ ip=240.192.228.234 rdns= helo=%RECEIVED.poiuy.net
by=221.92.189.45 ident= envfrom= intl=0 id= ]


>
>
>One thing you might consider changing, providing you don't depend on the
>header, is in MailScanner.conf:
>
>         #Envelope From Header = X-MailScanner-From:
>         Envelope From Header = X-Envelope-From:
>
>SA doesn't recognize the default setting, but does recognize X-Envelope-From.
>
>Optionally you could try patching PerMsgStatus.pm to recognize
>X-MailScanner-From, but that's a bit silly.
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

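Added example, not part of the original post and not SpamAssassin's or MailScanner's own code: a small Python check for the two things the thread looks at, namely whether a message carries one of the envelope-type headers Matt lists (X-Sender, X-Envelope-From, Return-Path, Envelope-Sender) and whether the `envfrom=` field in `spamassassin -D` relay entries is empty. The lookup order, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Envelope-type headers the thread says SA 3.0 consults for this test.
# Lookup order is an assumption for illustration, not SpamAssassin's own logic.
ENVELOPE_HEADERS = ("X-Envelope-From", "Envelope-Sender", "X-Sender", "Return-Path")

def envelope_sender(raw_message):
    """Return (header, address) from the first recognised envelope header, else None."""
    msg = message_from_string(raw_message)
    for name in ENVELOPE_HEADERS:
        addr = parseaddr(msg.get(name, ""))[1]
        if "@" in addr:
            return name, addr
    return None

def parse_relays(debug_text):
    """Extract key=value fields from 'received-header: parsed as [ ... ]' debug entries."""
    # Mail clients wrap the long debug lines, so rejoin them before matching.
    joined = " ".join(line.strip() for line in debug_text.splitlines())
    entries = re.findall(r"received-header: parsed as \[ (.*?) \]", joined)
    return [dict(re.findall(r"(\w+)=(\S*)", entry)) for entry in entries]

# Constructed sample inputs (documentation addresses, not taken from the thread).
BODY = "From: Someone <someone@example.com>\nSubject: test\n{extra}\n\nhello\n"
MSG_DEFAULT = BODY.format(extra="X-MailScanner-From: bounce@nodns.example")
MSG_RENAMED = BODY.format(extra="X-Envelope-From: bounce@nodns.example")
DEBUG = """debug: received-header: parsed as [ ip=192.0.2.10 rdns=unverified
helo=scanner.example.net by=mail.example.net ident= envfrom= intl=0
id=ABC123 ]
debug: received-header: parsed as [ ip=198.51.100.7 rdns=
helo=client.example.org by=mx.example.net ident= envfrom= intl=0 id= ]"""

if __name__ == "__main__":
    print("default header :", envelope_sender(MSG_DEFAULT))
    print("renamed header :", envelope_sender(MSG_RENAMED))
    for relay in parse_relays(DEBUG):
        print(relay["ip"], "envfrom:", relay["envfrom"] or "(empty)")
```

With the default `X-MailScanner-From:` header the lookup finds no envelope sender, so there is no domain for a NO_DNS_FOR_FROM style check to resolve; renaming the header to `X-Envelope-From:` makes the address visible.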