#4870 Reverse DNS for Fedora mail relay 'bastion01.phx2.fedoraproject.org' / 'bastion.fedoraproject.org' sometimes fails, causing RH (and other?) spam filters to mark list mails as spam
Closed: Fixed None Opened 8 years ago by adamwill.

Jeff Needle caught that the Red Hat spam filter seems to be marking a lot of fedoraproject.org mailing list traffic as spam. Here's a sample Red Hat Spamassasin score log from a mail marked as spam:

X-RedHat-Spam-Score: 5.294 * (BAYES_99,BAYES_999,RCVD_IN_ANBREP_L2,RDNS_NONE,URIBL_BLOCKED) 10.5.126.12

and here's a log from a similar mail (they're both QA meeting minutes mails) not marked as spam:

X-redhat-spam-score: 2.201 ** (BAYES_99,BAYES_999,RCVD_IN_ANBREP_L2,RCVD_IN_DNSWL_MED,URIBL_BLOCKED) 10.5.126.12 bastion01.phx2.fedoraproject.org 10.5.126.12 bastion01.phx2.fedoraproject.org test-bounces@lists.fedoraproject.org

as you can see, the significant difference (causing a difference of +3 in the score) seems to be RDNS_NONE . In both cases the apparent relay to the RH server that runs the check is 'bastion01.phx2.fedoraproject.org' with an IP address of 10.5.126.12 , but it seems like one day (yesterday, 08-23) reverse DNS lookup for that IP succeeded, but today (08-24) it failed.

Testing it here, it looks like right now I can lookup that IP address using the RH DNS server (when I'm on the RH VPN), but I can't look it up using a non-RH DNS server:

[root@mail spamassassin]# host 10.5.126.12 RH.DNS.SERVER.IP
Using domain server:
Name: RH.DNS.SERVER.IP
Address: RH.DNS.SERVER.IP#53
Aliases:

12.126.5.10.in-addr.arpa domain name pointer bastion01.phx2.fedoraproject.org.
[root@mail spamassassin]# host 10.5.126.12
Host 12.126.5.10.in-addr.arpa. not found: 3(NXDOMAIN)

Presumably any other recipient of mail from the list that runs a reverse DNS check on the sender is going to have the same problem, but I haven't checked for sure that the delivery path is the same for non-RH recipients.


What you're experiencing right now is how things should be, you're not supposed to be able to resolve any 10.0.0.0/8 addresses in the public internet, this is an internal address range.

However, from the email headers, it does seem that the address wasn't resolvable inside RH network for a period of time, which did cause Spamassassin to raise the spam score on that email. Even in that case though, while it is perfectly acceptable for internal address ranges to show up in the "Received" entries, I don't know why would spam assassin evaluate them in the first place. Other headers shouldn't contain internal ranges in general.

https://wiki.apache.org/spamassassin/Rules/RDNS_NONE says that Spamassassin tests "the last untrusted relay". I'm not sure exactly how it decides what's 'trusted' or 'untrusted' (SA is one of those things I drink away all knowledge of five minutes after I'm done poking it).

SA documents it quite nicely here: https://wiki.apache.org/spamassassin/TrustedRelays

Which to me kinda suggests it might be an RH SA config issue and the RH SA config should be set up to 'trust' the appropriate IP address range (10.something)? But that's just me speculating. See also https://wiki.apache.org/spamassassin/TrustPath .

Will engage Red Hat IT on what the issue is. They should be able to reverse DNS all the ips [since it is available inside of Red Hat. ]

From today's fedora list spam collection:

Executive summary: 4/5 of these came through 66.35.62.164 and may have been due to a temporary resolution failure as I can look those up. The other (marked Message #1) came through 67.203.2.69 which I still cannot reverse look up.

Smooge, if this is useful I can keep adding these. If not, let me know and I'll cease and desist :).

Message #1:

X-RedHat-Spam-Score: 5.003 * (BAYES_60,DNS_FROM_AHBL_RHSBL,RDNS_NONE,T_HEADER_FROM_DIFFERENT_DOMAINS,URIBL_BLOCKED) 10.5.126.12 bastion01.phx2.fedoraproject.org 10.5.126.12 bastion01.phx2.fedoraproject.org devel-bounces@lists.fedoraproject.org

Received: from smtp-mm-coloamer01.fedoraproject.org (unknown [67.203.2.69])
by lists.fedoraproject.org (Postfix) with ESMTP id B38D080786
for devel@lists.fedoraproject.org;
Thu, 27 Aug 2015 00:27:27 +0000 (UTC)

$ host 67.203.2.69
69.2.203.67.in-addr.arpa domain name pointer unused.

Message #2:

X-RedHat-Spam-Score: 5.301 * (BAYES_99,BAYES_999,HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_ANBREP_L2,RDNS_NONE,URIBL_BLOCKED) 10.5.126.12 bastion01.phx2.fedoraproject.org 10.5.126.12 bastion01.phx2.fedoraproject.org users-bounces@lists.fedoraproject.org

Received: from smtp-mm-tummy01.fedoraproject.org (unknown [66.35.62.164])
by lists.fedoraproject.org (Postfix) with ESMTP id 5B7308004A
for USERS@lists.fedoraproject.org;
Thu, 27 Aug 2015 11:52:31 +0000 (UTC)

(I could look that one up, so maybe a temporary DNS resolution issue)

Message #3:

X-RedHat-Spam-Score: 5.213 * (BAYES_99,DKIM_SIGNED,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_ANBREP_L2,RDNS_NONE,T_DKIM_INVALID,URIBL_BLOCKED) 10.5.126.12 bastion01.phx2.fedoraproject.org 10.5.126.12 bastion01.phx2.fedoraproject.org users-bounces@lists.fedoraproject.org

Received: from smtp-mm-tummy01.fedoraproject.org (unknown [66.35.62.164])
by lists.fedoraproject.org (Postfix) with ESMTP id 2E6868029E
for users@lists.fedoraproject.org;
Thu, 27 Aug 2015 11:59:47 +0000 (UTC)

Message #4:

X-RedHat-Spam-Score: 5.104 * (BAYES_50,DNS_FROM_AHBL_RHSBL,HTML_MESSAGE,RCVD_IN_ANBREP_L2,RDNS_NONE,T_HEADER_FROM_DIFFERENT_DOMAINS,URIBL_BLOCKED) 10.5.126.12 bastion01.phx2.fedoraproject.org 10.5.126.12 bastion01.phx2.fedoraproject.org devel-bounces@lists.fedoraproject.org

Received: from smtp-mm-tummy01.fedoraproject.org (unknown [66.35.62.164])
by lists.fedoraproject.org (Postfix) with ESMTP id E18818004A
for devel@lists.fedoraproject.org;

Message #5:

X-RedHat-Spam-Score: 5.103 * (BAYES_50,DNS_FROM_AHBL_RHSBL,RCVD_IN_ANBREP_L2,RDNS_NONE,T_HEADER_FROM_DIFFERENT_DOMAINS,URIBL_BLOCKED) 10.5.126.12 bastion01.phx2.fedoraproject.org 10.5.126.12 bastion01.phx2.fedoraproject.org devel-bounces@lists.fedoraproject.org

Received: from smtp-mm-tummy01.fedoraproject.org (unknown [66.35.62.164])
by lists.fedoraproject.org (Postfix) with ESMTP id 6119B80786
for devel@lists.fedoraproject.org;
Thu, 27 Aug 2015 00:28:49 +0000 (UTC)

I'll note that nothing has changed on our end in recent memory.

Hopefully internal folks can/have identified what changed there.

From talking with Red Hat email admins, the only thing that has changed is that they are using default rules which used to be turned off. This was due to a spike in other SPAM and we will need to figure out how to 'fix' on our end.

Can they whitelist bastion01/02?

Failing that we may have to do some masquerading, which is not fun. ;(

The root of the problem isn't bastion. It is the smtp-mm servers and their lack of reverse DNS plus some other tests on them. The bastion failed DNS may or may not be part of the problem.

There may be a third issue for some users have marked enough of Fedora email as spam that it gets a high score also. The only way to deal with that is on the user side.

I have asked if they can be white-listed.. no word.

It's relatively easy to infer that RDNS_NONE is being scored just over +3: you just compare two mails which have identical results other than RDNS_NONE, and see that the score difference is just over 3. That's such a large score that it seemed reasonable to consider it, on its own, a significant issue, which is why I reported it in this way rather than as a fuzzier 'Fedora mails being considered spam' issue. The BAYES and RCVD_IN_ANBREP_L2 scores also concern me, but I think it's reasonable to consider them separately.

Anything which is more-or-less spuriously causing +3 scores is very likely to be incorrectly bumping at least some messages over the spam threshold regardless of precisely what other checks are in place.

Honestly I think this really needs to be treated with a bit more urgency internally at RH - why isn't it considered a major problem that RH employees are losing mails they need to do their jobs?

Per https://github.com/apache/spamassassin/blob/trunk/rules/23_bayes.cf , the default values for the BAYES tests are all under 1.0, so RDNS_NONE seems a lot more important. I think RCVD_IN_ANBREP_L2 is also scored ~1.0. Check out this score:

X-RedHat-Spam-Score: 5.094 * (BAYES_99,RCVD_IN_ANBREP_L2,RDNS_NONE,URIBL_BLOCKED)

We know RDNS_NONE is a bit over 3, and BAYES_99 looks to be 0.99. URIBL_BLOCKED seems to be scored close to 0 as it's more of an informational thing, so it seems like the remaining ~1 point must be down to RCVD_IN_ANBREP_L2. RCVD_IN_ANBREP_L2 is a very odd test to have running at all - Google finds only a couple of references to it, which suggest it was obsolete as long ago as 2010.

I dunno what the hell is going on with the Bayes training in RH's setup, btw, but it seems like just about every mail I receive to @redhat.com is at least BAYES_50 and most of them seem to be BAYES_99 or BAYES_999. I have a perfectly innocuous mail about ComposeDB from Adam Miller here, rated BAYES_999. On the other hand, I have an email with the topic 'Bigger size - more happiness' and the body 'Give your woman a night of pleasure (SUSPICIOUS URL)' which is apparently only BAYES_60. Hmmmm.

This may well have been fixed internally.

Can anyone who was seeing this check and see if it's still going on?

Still happening. Had at least 5 today. Just got this one a minute ago...

{{{

Return-Path: devel-bounces@lists.fedoraproject.org
Received: from zmta05.collab.prod.int.phx2.redhat.com (LHLO
zmta05.collab.prod.int.phx2.redhat.com) (10.5.81.12) by
zmail12.collab.prod.int.phx2.redhat.com with LMTP; Thu, 10 Sep 2015
13:17:56 -0400 (EDT)
Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26])
by zmta05.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 659EE17C102;
Thu, 10 Sep 2015 13:17:56 -0400 (EDT)
Received: from mx1.redhat.com (ext-mx05.extmail.prod.ext.phx2.redhat.com [10.5.110.29])
by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t8AHHtAC022627
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
Thu, 10 Sep 2015 13:17:55 -0400
Received: from bastion.fedoraproject.org (bastion01.phx2.fedoraproject.org [10.5.126.12])
by mx1.redhat.com (Postfix) with ESMTP id 88B85461F0;
Thu, 10 Sep 2015 17:17:54 +0000 (UTC)
Received: from lists.fedoraproject.org (collab03.vpn.fedoraproject.org [192.168.1.70])
by bastion01.phx2.fedoraproject.org (Postfix) with ESMTP id E3E4961B073B;
Thu, 10 Sep 2015 17:17:52 +0000 (UTC)
Received: by lists.fedoraproject.org (Postfix, from userid 503)
id E1A8E80DC7; Thu, 10 Sep 2015 17:17:51 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
collab03.fedoraproject.org
X-Spam-Level: *
X-Spam-Status: No, score=1.3 required=5.0 tests=RDNS_NONE autolearn=no
version=3.3.1
Received: from collab03.fedoraproject.org (localhost [127.0.0.1])
by lists.fedoraproject.org (Postfix) with ESMTP id 2C6A980ABE;
Thu, 10 Sep 2015 17:17:50 +0000 (UTC)
X-Original-To: devel@lists.fedoraproject.org
Delivered-To: devel@lists.fedoraproject.org
Received: by lists.fedoraproject.org (Postfix, from userid 503)
id 8146780D7B; Thu, 10 Sep 2015 17:17:47 +0000 (UTC)
Received: from smtp-mm-tummy01.fedoraproject.org (unknown [66.35.62.164])
by lists.fedoraproject.org (Postfix) with ESMTP id 2FB1D808CD;
Thu, 10 Sep 2015 17:17:47 +0000 (UTC)
Received: from disco.bu.edu (disco.bu.edu [128.197.11.69])
by smtp-mm-tummy01.fedoraproject.org (Postfix) with ESMTP id
A63EB6088515; Thu, 10 Sep 2015 17:17:47 +0000 (UTC)
Received: by disco.bu.edu (Postfix, from userid 18281)
id 533C0800EC; Thu, 10 Sep 2015 13:17:47 -0400 (EDT)
Date: Thu, 10 Sep 2015 13:17:47 -0400
From: Matthew Miller mattdm@fedoraproject.org
To: Development discussions related to Fedora devel@lists.fedoraproject.org
Subject: Re: [Fedora-packaging] Proposal to reduce anti-bundling requirements
Message-ID: 20150910171747.GA8199@mattdm.org
References: 1441893207.7378.50.camel@redhat.com
ufa8u8euuss.fsf@epithumia.math.uh.edu
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: ufa8u8euuss.fsf@epithumia.math.uh.edu
User-Agent: Mutt/1.5.20 (2009-12-10)
Cc: Discussion of RPM packaging standards and practices for Fedora
packaging@lists.fedoraproject.org
X-BeenThere: devel@lists.fedoraproject.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Development discussions related to Fedora
<devel.lists.fedoraproject.org>
List-Unsubscribe: https://admin.fedoraproject.org/mailman/options/devel,
devel-request@lists.fedoraproject.org?subject=unsubscribe
List-Archive: http://lists.fedoraproject.org/pipermail/devel/
List-Post: devel@lists.fedoraproject.org
List-Help: devel-request@lists.fedoraproject.org?subject=help
List-Subscribe: https://admin.fedoraproject.org/mailman/listinfo/devel,
devel-request@lists.fedoraproject.org?subject=subscribe
Reply-To: Development discussions related to Fedora
devel@lists.fedoraproject.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Sender: devel-bounces@lists.fedoraproject.org
Errors-To: devel-bounces@lists.fedoraproject.org
X-RedHat-Spam-Score: 5.094 * (BAYES_99,RCVD_IN_ANBREP_L2,RDNS_NONE,URIBL_BLOCKED) 10.5.126.12 bastion01.phx2.fedoraproject.org 10.5.126.12 bastion01.phx2.fedoraproject.org devel-bounces@lists.fedoraproject.org
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26
X-Scanned-By: MIMEDefang 2.78 on 10.5.110.29

}}}

Definitely not fixed, five false-positive "spam" mails in the past two hours.

{{{
X-RedHat-Spam-Score: 3.794 *** (BAYES_95,RDNS_NONE,URIBL_BLOCKED) 10.5.126.12 bastion01.phx2.fedoraproject.org 10.5.126.12 bastion01.phx2.fedoraproject.org devel-bounces@lists.fedoraproject.org

X-RedHat-Spam-Warning: 5.939 (*) BAYES_95,DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,HTML_FONT_FACE_BAD,HTML_MESSAGE,RCVD_IN_ANBREP_L2,RDNS_NONE,T_DKIM_INVALID,URIBL_BLOCKED
X-RedHat-Spam-Score: 5.939
*** (BAYES_95,DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,HTML_FONT_FACE_BAD,HTML_MESSAGE,RCVD_IN_ANBREP_L2,RDNS_NONE,T_DKIM_INVALID,URIBL_BLOCKED) 10.5.126.12 bastion01.phx2.fedoraproject.org 10.5.126.12 bastion01.phx2.fedoraproject.org devel-bounces@lists.fedoraproject.org

X-RedHat-Spam-Score: 5.094 * (BAYES_99,RCVD_IN_ANBREP_L2,RDNS_NONE,URIBL_BLOCKED) 10.5.126.12 bastion01.phx2.fedoraproject.org 10.5.126.12 bastion01.phx2.fedoraproject.org devel-bounces@lists.fedoraproject.org

X-RedHat-Spam-Score: 4.594 **** (BAYES_95,RCVD_IN_ANBREP_L2,RDNS_NONE,URIBL_BLOCKED) 10.5.126.12 bastion01.phx2.fedoraproject.org 10.5.126.12 bastion01.phx2.fedoraproject.org devel-bounces@lists.fedoraproject.org

X-RedHat-Spam-Score: 4.494 **** (BAYES_99,BAYES_999,RDNS_NONE,URIBL_BLOCKED) 10.5.126.12 bastion01.phx2.fedoraproject.org 10.5.126.12 bastion01.phx2.fedoraproject.org devel-bounces@lists.fedoraproject.org
}}}

And another four since then. If anything it's got worse :-)

Still happening with a vengeance. Here's one from over the weekend from that well known spammer, Smooge. For whatever it's worth, these always seem to have:

Received: from smtp-mm-tummy01.fedoraproject.org (unknown [66.35.62.164])

{{{

Return-Path: devel-bounces@lists.fedoraproject.org
Received: from zmta01.collab.prod.int.phx2.redhat.com (LHLO
zmta01.collab.prod.int.phx2.redhat.com) (10.5.81.8) by
zmail12.collab.prod.int.phx2.redhat.com with LMTP; Sat, 12 Sep 2015
16:12:27 -0400 (EDT)
Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
by zmta01.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 657BC184C76;
Sat, 12 Sep 2015 16:12:27 -0400 (EDT)
Received: from mx1.redhat.com (ext-mx03.extmail.prod.ext.phx2.redhat.com [10.5.110.27])
by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t8CKCQNO010345
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
Sat, 12 Sep 2015 16:12:26 -0400
Received: from bastion.fedoraproject.org (bastion01.phx2.fedoraproject.org [10.5.126.12])
by mx1.redhat.com (Postfix) with ESMTP id 3330DA063B;
Sat, 12 Sep 2015 20:12:18 +0000 (UTC)
Received: from lists.fedoraproject.org (collab03.vpn.fedoraproject.org [192.168.1.70])
by bastion01.phx2.fedoraproject.org (Postfix) with ESMTP id 39E78623E04D;
Sat, 12 Sep 2015 20:12:10 +0000 (UTC)
Received: by lists.fedoraproject.org (Postfix, from userid 503)
id 3EBA280030; Sat, 12 Sep 2015 20:12:09 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
collab03.fedoraproject.org
X-Spam-Level: *
X-Spam-Status: No, score=1.4 required=5.0 tests=DKIM_ADSP_CUSTOM_MED,
DKIM_SIGNED,FREEMAIL_FROM,RDNS_NONE,T_DKIM_INVALID autolearn=no version=3.3.1
Received: from collab03.fedoraproject.org (localhost [127.0.0.1])
by lists.fedoraproject.org (Postfix) with ESMTP id 8CCC3803A5;
Sat, 12 Sep 2015 20:12:06 +0000 (UTC)
X-Original-To: devel@lists.fedoraproject.org
Delivered-To: devel@lists.fedoraproject.org
Received: by lists.fedoraproject.org (Postfix, from userid 503)
id BB90F80B4A; Sat, 12 Sep 2015 20:12:04 +0000 (UTC)
Received: from smtp-mm-tummy01.fedoraproject.org (unknown [66.35.62.164])
by lists.fedoraproject.org (Postfix) with ESMTP id 04B4B80030
for devel@lists.fedoraproject.org;
Sat, 12 Sep 2015 20:12:01 +0000 (UTC)
Received: from mail-oi0-f48.google.com (mail-oi0-f48.google.com
[209.85.218.48])
by smtp-mm-tummy01.fedoraproject.org (Postfix) with ESMTP id
9016F607DA2C for devel@lists.fedoraproject.org;
Sat, 12 Sep 2015 20:12:01 +0000 (UTC)
Received: by oiev17 with SMTP id v17so59138128oie.1
for devel@lists.fedoraproject.org;
Sat, 12 Sep 2015 13:12:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type:content-transfer-encoding;
bh=eVL70Q6j1upyba4UVczd2HCiFZZo0R/BYDS7P46NSb0=;
b=qQwX/D0FEsUTaXtEq14mY/MHJ8DoNVaBJYyBIhSrJSOogKC8vZKvizYMQF8FqtCwq5
Z95+ADAdW01cKUyQdAPHm6dLCUmUcUi737ahe6lFA1bB+s5pDpdgm8++lc6AGih+8+Cj
jvpHwoeopDjAhFxiOf5ok7fwdwSj6/V/wX5E9Yq/oGaF5bWh6kG7ffhwhQGPCIZSwjNC
ApucAOj/D2TdgKP69ltG5cbsYm35N0ZjxQh6HdllGeQsiZXVVc9lJIFxn2SDz8Ga7Sab
xJLKLvJp8i+FNSdGAoBOXwKHx6RDZg4gheZ9uLE7HSzzXQeexDzaWaQGykS6lh5ocqqH
cOSQ==
MIME-Version: 1.0
X-Received: by 10.202.0.206 with SMTP id 197mr4437748oia.76.1442088721211;
Sat, 12 Sep 2015 13:12:01 -0700 (PDT)
Received: by 10.60.98.101 with HTTP; Sat, 12 Sep 2015 13:12:01 -0700 (PDT)
In-Reply-To: 55F4328B.8020101@cora.nwra.com
References: 1441893207.7378.50.camel@redhat.com 55F2DC65.8000308@redhat.com
20150911152104.GB19161@mattdm.org 55F2FC87.2020007@redhat.com
55F342F3.3060700@cora.nwra.com 55F3588B.10400@gmail.com
CANnLRdjmSMcH2g2j9ZY1DiAVgTygCc3SK60OjPbepa7vVryqZw@mail.gmail.com
55F4328B.8020101@cora.nwra.com
Date: Sat, 12 Sep 2015 14:12:01 -0600
Message-ID: CANnLRdiXHELkSL+18FA0WeZ1iZWiOKecTGXyGtZF3usiR6Xjeg@mail.gmail.com
Subject: Re: Proposal to reduce anti-bundling requirements
From: Stephen John Smoogen smooge@gmail.com
To: Development discussions related to Fedora devel@lists.fedoraproject.org
X-BeenThere: devel@lists.fedoraproject.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Development discussions related to Fedora
<devel.lists.fedoraproject.org>
List-Unsubscribe: https://admin.fedoraproject.org/mailman/options/devel,
devel-request@lists.fedoraproject.org?subject=unsubscribe
List-Archive: http://lists.fedoraproject.org/pipermail/devel/
List-Post: devel@lists.fedoraproject.org
List-Help: devel-request@lists.fedoraproject.org?subject=help
List-Subscribe: https://admin.fedoraproject.org/mailman/listinfo/devel,
devel-request@lists.fedoraproject.org?subject=subscribe
Reply-To: Development discussions related to Fedora
devel@lists.fedoraproject.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Sender: devel-bounces@lists.fedoraproject.org
Errors-To: devel-bounces@lists.fedoraproject.org
X-RedHat-Spam-Score: 5.456 * (BAYES_99,DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_ANBREP_L2,RDNS_NONE,T_DKIM_INVALID,URIBL_BLOCKED) 10.5.126.12 bastion01.phx2.fedoraproject.org 10.5.126.12 bastion01.phx2.fedoraproject.org devel-bounces@lists.fedoraproject.org
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-Scanned-By: MIMEDefang 2.76 on 10.5.110.27

}}}

I've pointed internal folks working on this issue here for recent examples of this still happening.

Also, I have contacted the provider at the site with smtp-mm-tummy01 in it and asked them to update reverse dns there.

The reverse dns for that particular smtp-mm host should now be fixed:

% host 66.35.62.164
164.62.35.66.in-addr.arpa domain name pointer smtp-mm-tummy01.fedoraproject.org.

% host smtp-mm-tummy01.fedoraproject.org
smtp-mm-tummy01.fedoraproject.org has address 66.35.62.164

I've also managed to fix reverse dns on smtp-mm-coloamer01 I think, but it's TTL is very high, so it could be a while.

The last one: smtp-mm-ib01 we will never be able to fix the reverse dns on. They have a policy of not changing it there. ;(

So, if the problem comes down to smtp-mm-ib01's reverse we will need to move it or masquerade it or something.

Are things any better today?

Still nothing from the fedora lists in my spam folder, so this is looking good. Thanks!

ok, lets go ahead and call this fixed now...

If you see any issues again, please file a new ticket/reopen this one.

Still seeing devel list mails getting marked as spam, these two from Matthew Miller today:

{{{
X-RedHat-Spam-Score: 3.691 *** (BAYES_99,BAYES_999,T_RP_MATCHES_RCVD,URIBL_BLOCKED) 10.5.126.12 bastion01.phx2.fedoraproject.org 10.5.126.12 bastion01.phx2.fedoraproject.org devel-bounces@lists.fedoraproject.org

X-RedHat-Spam-Score: 3.491 *** (BAYES_99,T_RP_MATCHES_RCVD,URIBL_BLOCKED) 10.5.126.12 bastion01.phx2.fedoraproject.org 10.5.126.12 bastion01.phx2.fedoraproject.org devel-bounces@lists.fedoraproject.org
}}}

I'm also getting false positives, including messages from Mo Duffy to my @fedoraproject.org account (not mailing list), as well as github notifications.

Also, Red Hat should really fix that URIBL thing — that's happening because the traffic level is way over what the free service allows. http://uribl.com/datafeed.shtml

I don't see any dns issues in that score?

T_RP_MATCHES_RCVD we likely can't get rid of unless we masquerade all our emails, or send to @redhat.com addresses via some external
ip or something...

https://wiki.apache.org/spamassassin/Rules/T_RP_MATCHES_RCVD

Looks like the URIBL_BLOCKED might be the cause this time?

It shouldn't be unless they've changed the score: near as I can tell the default score for URIBL_BLOCKED is ~0 - i.e. it's basically kind of a hack to use the spam score to notify the admin that their requests are being blocked than it's actually being used to filter.

Note both those scores are fairly low. The 'spam' threshold is usually 5.

Looking at current SA 50_scores.cf , BAYES_99 base score looks to be 3.5 and BAYES_999 0.2, so both those scores could be entirely produced by the BAYES tests, they're close enough to 3.5 and 3.7. I think T_RP_MATCHES_RCVD may be scored ~0 as well.

Login to comment on this ticket.

Metadata