ALL_TRUSTED=-1
Helmut Schneider
2016-04-13 07:37:03 UTC
Hi,

mail:~$ amavisd-new -V
amavisd-new-2.7.1 (20120429)
***@desogmail01:~$ spamassassin -V
SpamAssassin version 3.4.0
running on Perl version 5.18.2
mail:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.4 LTS
Release: 14.04
Codename: trusty
mail:~$

When I run SA from within amavisd-new, ALL_TRUSTED is always true. When
I check the same mail from command line with SA, ALL_TRUSTED is false.

Where can I start to search for the issue? I already replaced 2.7.1 with
2.10.1 with the same result.

With amavisd-new:

Received: from XXX ([172.20.8.31])
by XXX (IBM Domino Release 9.0.1FP4)
with ESMTP id 2016041115014726-193867 ;
Mon, 11 Apr 2016 15:01:47 +0200
Received: from localhost (localhost [127.0.0.1])
by XXX (Postfix) with ESMTP id 3BD0618E
for <XXX>; Mon, 11 Apr 2016 15:01:43 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at XXX
X-Spam-Flag: NO
X-Spam-Score: 5.607
X-Spam-Level: *****
X-Spam-Status: No, score=5.607 tagged_above=-9999 required=6.3
tests=[ALL_TRUSTED=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377, INTERNETX_UCE=5,
MIME_HTML_ONLY=0.723, MISSING_MID=0.497, SPF_HELO_PASS=-0.001,
T_HEADER_FROM_DIFFERENT_DOMAINS=0.01] autolearn=no autolearn_force=no
Authentication-Results: XXX (amavisd-new);
domainkeys=neutral (2048-bit key) reason="invalid (bad identity)"
header.sender=***@ncrprop.biz
header.d=ncrprop.biz; dkim=pass (2048-bit key) header.d=ncrprop.biz
Received: from XXX ([127.0.0.1])
by localhost (XXX [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id rzCBYBjiHHbC for <XXX>;
Mon, 11 Apr 2016 15:01:32 +0200 (CEST)
Received: from XXX (XXX [172.20.12.10])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by XXX (Postfix) with ESMTPS
for <XXX>; Mon, 11 Apr 2016 15:01:32 +0200 (CEST)
Received: from mail6.bemta5.messagelabs.com
(mail6.bemta5.messagelabs.com [195.245.231.135])
by XXX (Postfix) with ESMTP id 63B4C335
for <XXX>; Mon, 11 Apr 2016 15:01:32 +0200 (CEST)
Received: from [85.158.139.19] by server-11.bemta-5.messagelabs.com id
BD/80-27787-C20AB075; Mon, 11 Apr 2016 13:01:32 +0000
[...]
X-Env-Sender: ***@ncrprop.biz
X-Msg-Ref: server-12.tower-178.messagelabs.com!1460379690!32840337!1
X-Originating-IP: [103.208.153.18]
X-SpamReason: No, hits=2.7 required=7.0 tests=msgid: No Message-ID,
HTML_60_70,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,
received_headers: No Received headers
X-StarScan-Received:
X-StarScan-Version: 8.28; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 4785 invoked from network); 11 Apr 2016 13:01:31 -0000
Received: from unknown (HELO ns2.Host1.yourdomainname.com)
(103.208.153.18)
by server-12.tower-178.messagelabs.com with SMTP; 11 Apr 2016
13:01:31 -0000
X-Sender: "Sonam Singh"
<***@lead2loan.win>
X-Receiver: XXX
DomainKey-Signature: a=rsa-sha1; c=simple; d=ncrprop.biz;
h=From:To:Subject; q=dns; s=jsmtp
;
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=ncrprop.biz;
h=From:To:Subject;
q=dns/txt; s=jsmtp ; t=1460379276;
bh=A9wE/QPGFnmy8ntNIHK6uqqeU/Q=;
MIME-Version: 1.0
Sender: ***@ncrprop.biz
From: "Sonam Singh"
<***@lead2loan.win>
To: XXX
Reply-To: "Sonam Singh"
<***@dhomez.win>
Date: 11 Apr 2016 18:24:36 +0530
Subject: Need approval to move forward
Priority: normal
Importance: High
X-MIMETrack: Itemize by SMTP Server on XXX(Release 9.0.1FP4|June 07,
2015) at
11.04.2016 15:01:47,
Serialize by Notes Client on XXX(Release 9.0.1FP1
SHF309|June 12, 2014) at 11.04.2016 16:42:03,
Serialize complete at 11.04.2016 16:42:03
X-TNEFEvaluated: 1
Message-ID: <OFFA77A0A6.52A9A4D2-***@LocalDomain>
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset=Windows-1252

From command line:

[...]
Apr 13 09:33:39.182 [5285] dbg: metadata: X-Spam-Relays-Untrusted: [
ip=193.109.254.103 rdns=mail6.bemta14.messagelabs.com
helo=mail6.bemta14.messagelabs.com by=mail2.hoerbiger.com ident=
envfrom= intl=0 id=0423F30E auth= msa=0 ] [ ip=85.158.140.195 rdns=
helo= by=server-10.bemta-14.messagelabs.com ident= envfrom= intl=0
id=04/85-02972-8943C075 auth= msa=0 ] [ ip=104.47.100.68
rdns=mail-ma1ind01on0068.outbound.protection.outlook.com
helo=IND01-MA1-obe.outbound.protection.outlook.com
by=server-9.tower-193.messagelabs.com ident= envfrom= intl=0 id= auth=
msa=0 ] [ ip=115.114.122.40 rdns=115.114.122.40 helo=115.114.122.40
by=BM1PR01MB0596.INDPRD01.PROD.OUTLOOK.COM ident= envfrom= intl=0
id=15.1.453.26 auth= msa=0 ] [ ip=115.114.122.40 rdns= helo= by= ident=
envfrom= intl=0 id= auth= msa=0 ]
[...]
Content analysis details: (6.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.5 RCVD_IN_DNSWL_MED      RBL: Sender listed at http://www.dnswl.org/, medium
                            trust
                            [193.109.254.103 listed in list.dnswl.org]
 0.9 DKIM_ADSP_NXDOMAIN     No valid author signature and domain not in DNS
 1.2 RCVD_NUMERIC_HELO      Received: contains an IP address used for HELO
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.5 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                            [score: 0.5000]
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
 1.4 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 1.5 FSL_HELO_BARE_IP_2     No description available.
Helmut Schneider
2016-04-15 15:01:14 UTC
Post by Helmut Schneider
When I run SA from within amavisd-new, ALL_TRUSTED is always true.
When I check the same mail from command line with SA, ALL_TRUSTED is
false.
OK, one step ahead:

I have 2 servers with 3 postfix instances each, postfix-in, postfix-out
and postfix-amavis with different IPs each.

All mail is received by the postfix-in instances. For some domains I
forward mails directly to their final destinations, for some I do SPAM
filtering on the postfix-amavis instances.

It seems that ALL mail is treated as relayed internally as soon as I
forward those mails to the postfix-amavis instance:

Passed CLEAN {RelayedInbound}, [52.71.20.6]:55081

52.71.20.6 is an external IP address.

How do I prevent amavis from behaving like that?
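
Added example, not part of either post: a small Python helper for comparing the relay metadata that SpamAssassin prints in debug mode (the `X-Spam-Relays-Trusted` / `X-Spam-Relays-Untrusted` lines quoted above) between the command-line run and the run inside amavisd-new. `CLI_DEBUG` is abridged from the first post; `AMAVIS_DEBUG` is constructed for illustration, the function names are hypothetical, and ALL_TRUSTED is modelled here, as an assumption, as "at least one trusted relay and no untrusted relay".

```python
import ipaddress
import re

# Abridged from the command-line debug output quoted in the first post.
CLI_DEBUG = """dbg: metadata: X-Spam-Relays-Untrusted: [
ip=193.109.254.103 rdns=mail6.bemta14.messagelabs.com
helo=mail6.bemta14.messagelabs.com by=mail2.hoerbiger.com ident=
envfrom= intl=0 id=0423F30E auth= msa=0 ] [ ip=85.158.140.195 rdns=
helo= by=server-10.bemta-14.messagelabs.com ident= envfrom= intl=0
id=04/85-02972-8943C075 auth= msa=0 ]"""

# Constructed sample: what a run that scores ALL_TRUSTED could look like.
AMAVIS_DEBUG = """dbg: metadata: X-Spam-Relays-Trusted: [ ip=172.20.12.10
rdns=XXX helo=XXX by=XXX ident= envfrom= intl=1 id= auth= msa=0 ]
[ ip=195.245.231.135 rdns=mail6.bemta5.messagelabs.com
helo=mail6.bemta5.messagelabs.com by=XXX ident= envfrom= intl=1
id=63B4C335 auth= msa=0 ]
dbg: metadata: X-Spam-Relays-Untrusted: """


def parse_relays(debug_text, kind):
    """Return the entries of X-Spam-Relays-<kind> as a list of dicts.

    Tolerates the line wrapping that mail clients add to pasted output.
    """
    m = re.search(r"X-Spam-Relays-%s:((?:\s*\[[^\]]*\])*)" % kind, debug_text)
    if not m:
        return []
    return [dict(re.findall(r"(\w+)=(\S*)", block))
            for block in re.findall(r"\[([^\]]*)\]", m.group(1))]


def diagnose(debug_text):
    """Summarise the trust split and flag public IPs counted as trusted."""
    trusted = parse_relays(debug_text, "Trusted")
    untrusted = parse_relays(debug_text, "Untrusted")
    public = [r["ip"] for r in trusted
              if r.get("ip") and ipaddress.ip_address(r["ip"]).is_global]
    return {
        # Assumption: ALL_TRUSTED needs a trusted relay and no untrusted one.
        "all_trusted": bool(trusted) and not untrusted,
        "untrusted_ips": [r.get("ip", "") for r in untrusted],
        # A public address here means the trust boundary is wider than intended.
        "public_trusted_ips": public,
    }


if __name__ == "__main__":
    print(diagnose(CLI_DEBUG))
    print(diagnose(AMAVIS_DEBUG))
```

A non-empty `public_trusted_ips` list for the run that scores ALL_TRUSTED points at the trusted/internal network settings in effect for that run rather than at the message itself.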
