Spamassassin RDNS in Kerio (Spamassassin RDNS rule creates false positives)
  •  
mactech

Background:
I decided to add a higher spam score to messages from hosts without RDNS using the spamassassin local.cf.
/usr/local//kerio/mailserver/plugins/spamassassin/rules/local.cf

The default score is 0.

Upon changing the score to 7 with a reject threshold of 8.5, I found out that virtually every mail fails the RDNS test.

Spamassassin seems to trust the Received: headers injected by the MTA, but even with all these headers containing an IP and valid RDNS query result, it seems to trigger a hit in the RDNS rule.

Here is an email I received this morning from the Apple Store in SoHo, NYC:
Return-Path: <sohobusiness-spam<_at_>apple.com>
X-Spam-Status: No, hits=1.3 required=4.5
	tests=AWL: -0.941,BAYES_00: -1.665,HTML_MESSAGE: 0.001,
	RDNS_NONE: 4,TOTAL_SCORE: 1.395,autolearn=no
X-Spam-Level: *
Received: from mail-out3.apple.com ([17.xx.13.22])
	by server.mac-tech.net (Kerio Connect 7.1.0 beta 3)
	(using TLSv1/SSLv3 with cipher AES256-SHA (256 bits))
	for florian<_at_>mydomain.net;
	Mon, 5 Jul 2010 13:18:30 -0400
Received: from relay11.apple.com (relay11.apple.com [17.xx.113.48])
	by mail-out3.apple.com (Postfix) with ESMTP id 4224B9BD3B7D
	for <florian<_at_>mydomain.net>; Mon,  5 Jul 2010 10:18:29 -0700 (PDT)


I looked around on the spamassassin project wiki, but I cannot seem to find a way to edit the way spamassassin parses the headers. It appears that SA's code very much depends on what MTA is used, because every MTA seems to inject these Received: headers in a different way/syntax. As of now, the Kerio MTA's headers do not seem to comply with what spamassassin expects.

Any ideas?

[Updated on: Mon, 05 July 2010 23:51]

  •  
freakinvibe

There is a reason why Kerio set RDNS to 0. For us, the RDNS check fails on every e-mail and we see a "RDNS_NONE: 0" in every header. So I would suggest to just leave it on 0.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
TorW

The RDNS_NONE test is hard enough to get working on a vanilla SpamAssassin setup. I suggest - like freakinvibe - to just leave the score at zero.
  •  
mactech

Thanks, I know it is set to 0 and I now know why. However RDNS compliance is a tool I'd like to be able to use for SPAM prevention. All there is to it is a functioning regular expression parser that deals with that particular header the way Kerio implements it. If I weren't useless at perl, I'd give it a go myself.
  •  
TorW

Mail servers write Received: headers in many ways, and almost every one of them is different from the next. On top of that you need to configure all your trusted relays in local.cf since the RDNS rule is using the info to help parse the headers.

See http://wiki.apache.org/spamassassin/TrustedRelays

It's not hard to see why Kerio left the RDNS_NONE rule out of the config. It's practically impossible to configure this bit in SA on behalf of the user, who in turn often has no clue about the network configuration.

Provided Kerio honours the trusted_networks setting in local.cf, it's doable. It will likely take some reading, head scratching and experimentation first though ...
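
An added example, not part of any post in this thread and not SpamAssassin's or Kerio's own code: a simplified Python parser for the two Received: forms in the sample message from the first post, showing that the Kerio-written hop records only a HELO name and an IP while the Postfix-written hop also records a reverse-DNS name. The function names and both patterns are assumptions made for illustration.

```python
import re

# Received: values copied from the sample message in the first post
# (the IPs are masked with "xx" there; trailing fields omitted).
KERIO = ("from mail-out3.apple.com ([17.xx.13.22]) "
         "by server.mac-tech.net (Kerio Connect 7.1.0 beta 3)")
POSTFIX = ("from relay11.apple.com (relay11.apple.com [17.xx.113.48]) "
           "by mail-out3.apple.com (Postfix) with ESMTP id 4224B9BD3B7D")

# "from HELO (RDNS [IP])": the form Postfix writes; "unknown" stands for no PTR.
HELO_RDNS_IP = re.compile(
    r"^from (?P<helo>\S+) \((?P<rdns>[^\s\[\]()]+) \[(?P<ip>[^\]]+)\]\)")
# "from HELO ([IP])": the form of the Kerio-written hop; no rDNS name recorded.
HELO_IP = re.compile(r"^from (?P<helo>\S+) \(\[(?P<ip>[^\]]+)\]\)")
BY = re.compile(r"\sby (?P<by>\S+)")


def parse_received(value):
    """Return helo/rdns/ip/by for one Received: value, or None if unrecognised."""
    value = " ".join(value.split())  # unfold continuation lines and tabs
    match = HELO_RDNS_IP.match(value)
    if match:
        rdns = match.group("rdns")
        if rdns.lower() == "unknown":
            rdns = ""  # the MTA looked up the PTR record and found none
    else:
        match = HELO_IP.match(value)
        if match is None:
            return None
        rdns = ""  # this header form has no slot for an rDNS name
    by = BY.search(value)
    return {"helo": match.group("helo"), "rdns": rdns,
            "ip": match.group("ip"), "by": by.group("by") if by else ""}


def lacks_rdns(value):
    """True when the header gives a parser no reverse-DNS name for the sender."""
    relay = parse_received(value)
    return relay is not None and relay["rdns"] == ""


if __name__ == "__main__":
    for name, header in (("Kerio hop", KERIO), ("Postfix hop", POSTFIX)):
        print(name, parse_received(header), "lacks rDNS:", lacks_rdns(header))
```

A check keyed on the rDNS field finds it empty for the Kerio-written hop regardless of whether the sending host has a PTR record, which matches the behaviour reported in the thread.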