[imp] [patch] Configurable Received: header behavior

Aleksandar Milivojevic amilivojevic at pbl.ca
Wed Feb 9 08:41:24 PST 2005 

Thomas Bolioli wrote:
> One thing that may be of interest. This seems to only be a problem when 
> IMP sends mail using a local sendmail binary (possibly even only one 
> that is a postfix install masquerading as sendmail...) and not when it 
> relays off a localhost via SMTP. It appears the spam filters may not be 
> the problem here afterall.
> See examples. FYI: I obfuscated certain emails and the one for my alumni 
> account is redirected to xxx3. Lastly, there is a slight version 
> difference between the two. One is from 4.0 and the other 4.0.1. Not 
> sure if that even makes a difference.
> Tom
> 
> While going through /usr/bin/sendmail->
> 
[snip]
> Received: by smtp.terranovum.com (Postfix, from userid 72)
>    id A653E3E715F; Wed,  5 Jan 2005 18:58:04 -0500 (EST)
> Received: from 209-6-223-56.c3-0.wtr-ubr1.sbo-wtr.ma.cable.rcn.com
>    (209-6-223-56.c3-0.wtr-ubr1.sbo-wtr.ma.cable.rcn.com [209.6.223.56]) by
>    wmbeta.terranovum.com (Horde) with HTTP for
>    <xxx1 at wmbeta.terranovum.com>; Wed,  5 Jan 2005 18:58:04 -0500
[snip]
> X-Spam-Report:
>    *  0.0 NO_REAL_NAME From: does not include a real name
>    *  3.5 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname 
> (IP addr 2)
>    *  3.7 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
>    *  0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
>    *      [score: 0.4999]

This seems more like bug in SpamAssassin, or Postfix, or your local 
configuration, or any combination of three.  In this case, there was no 
HELO information.  Postfix got mail by direct invocation (non-SMTP 
method), but for some reason, SpamAssassin performed check on HELO/EHLO 
argument (that never existed in the first place).  The two checks are 
checking if argument for HELO or EHLO looked like IP address or host 
name, and if it was present at all.  My guess is that SpamAssassin was 
fed with empty string.

Basically, this is the only difference between your two cases.  In first 
case, HELO/EHLO was never performed.  In second case it was perfomed 
(most likely as "HELO 127.0.0.1", or "HELO localhost", or "HELO 
localhost.localdomain" (RedHattish systems)).  If SpamAssassin was 
running on remote host (instead of local host, like in your example), 
you would not see any difference between the two cases you presented.

My guess is that you would get same result if you do something like

/usr/bin/sendmail -f user at foobar.com -t < "email_with_headers"

This really hasn't anything to do with IMP.  The problem is with either 
SpamAssassin, Postfix or your local configuration.

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7

More information about the imp mailing list