
Re: Mailing List



On Sun 03 Dec 2023 at 10:01:25 (+0100), Thomas Schmitt wrote:
> David Wright wrote:
> > I'm subscribed, but I don't receive that badge of honour.
> > This is from my other post in this thread—no LDOSUBSCRIBER:
> >
> > >   X-Spam-Status: No, score=-4.9 required=4.0 tests=CAPINIT,FOURLA,
> > >     HEADER_FROM_DIFFERENT_DOMAINS,LDO_WHITELIST,RCVD_IN_DNSWL_LOW,
> > >     T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no
> > >     version=3.4.2
> 
> This is known to happen if the mail is sent from an address that is different
> from the subscribed mail address. Maybe you discovered a new cause.
> 
> 
> > I'm guessing your last example is Curt's.
> > >   X-Spam-Status: No,
> > >     score=-10.5 required=4.0 tests=FREEMAIL_FORGED_FROMDOMAIN,
> > >     FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,LDOSUBSCRIBER,
> > >     LDO_WHITELIST,T_SCC_BODY_TEXT_LINE autolearn=unavailable
> > >     autolearn_force=no version=3.4.2
> 
> Yes. It's from:
> 
>   Subject: Re: rhs time out error?
>   Date: Sun, 26 Nov 2023 16:30:02 -0000 (UTC)
>   Message-ID: <slrnum6ska.1gl.curty@einstein.electron.org>
> 
> > The only occurrence of
> > the From: address in the entire email is in the From: line.
> > That's no different from my own post, except for the lines at the
> > very top, which show my post being delivered to me.
> >
> > I had thought the server was using the envelope-from in order to
> > identify subscribers, yet Curt's posts, like mine, have different
> > envelope-from and From: addresses, which is presumably the reason
> > behind HEADER_FROM_DIFFERENT_DOMAINS.
> 
> HEADER_FROM_DIFFERENT_DOMAINS would have been my first suspicion, too.
> But i see no "envelope-from" in Curt's mail and yours.
> Only
>   Envelope-To: <scdbackup@gmx.net>
> (If "envelope-from" is a typo and "Envelope-To:" differs from "From:",
> then we'd probably have the situation of different sender and receiver.)

As you can see from the headers I've posted below, what the
envelope-to (RCPT) gets called depends on the hosting service.
In my case, it's the X-Original-To: header. (As the list server
generates it, it won't take part in spam detection, of course.)

OTOH the envelope-from (MAIL/MAIL FROM) is, I presume, of great
interest to the spam scanners, perhaps more than the From:
address itself, because it's more likely to be checked by the mail
submission system. Curt's envelope-from is embedded in a Received:
header, pasted here with some surrounding context:

  Received: from ciao.gmane.io (ciao.gmane.io [116.202.254.214])
      (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
      key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
      (Client did not present a certificate)
      by bendel.debian.org (Postfix) with ESMTPS id D0D83205F2
      for <debian-user@lists.debian.org>; Sun, 26 Nov 2023 16:30:11 +0000 (UTC)
  Received: from list by ciao.gmane.io with local (Exim 4.92)
      (envelope-from <gldu-debian-user-2@m.gmane-mx.org>)
      id 1r7I1I-0001BZ-JA
      for debian-user@lists.debian.org; Sun, 26 Nov 2023 17:30:08 +0100
  X-Injected-Via-Gmane: http://gmane.org/
  To: debian-user@lists.debian.org

> It would be interesting to see all "Received:" headers of your own
> mail when it arrives back to you. I see in your mail to which i now reply:
> 
>   Received: from bendel.debian.org ([82.195.75.100]) by mx-ha.gmx.net
>     (mxgmx109
>     [212.227.17.5]) with ESMTPS (Nemesis) id 1MZzsi-1qmfcQ0kRo-00R0wN for
>     <scdbackup@gmx.net>; Sun, 03 Dec 2023 05:24:06 +0100
>   Received: from localhost (localhost [127.0.0.1])
>     by bendel.debian.org (Postfix) with QMQP
>     id 0F8C9209D5; Sun,  3 Dec 2023 04:23:55 +0000 (UTC)
>   Received: from localhost (localhost [127.0.0.1])
>     by bendel.debian.org (Postfix) with ESMTP id 0413D20837
>     for <lists-debian-user@bendel.debian.org>; Sun,
>     3 Dec 2023 04:23:42 +0000 (UTC)
>   Received: from bendel.debian.org ([127.0.0.1])
>     by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525)
>     with ESMTP id 1Ym_tsLfWzf6 for <lists-debian-user@bendel.debian.org>;
>     Sun,  3 Dec 2023 04:23:33 +0000 (UTC)
>   Received: from omta012.uswest2.a.cloudfilter.net
>     (omta012.uswest2.a.cloudfilter.net [35.164.127.235])
>     (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
>     (Client CN "Client", Issuer "CA" (not verified))
>     by bendel.debian.org (Postfix) with ESMTPS id 1A7BD209C6
>     for <debian-user@lists.debian.org>; Sun,
>     3 Dec 2023 04:23:32 +0000 (UTC)
>   Received: from cxr.smtp.a.cloudfilter.net ([10.0.16.145])
>     by cmsmtp with ESMTP
>     id 9deErTpHpaga99e0vrCJA8; Sun, 03 Dec 2023 04:23:29 +0000
>   Received: from axis.corp ([68.102.133.185])
>     by cmsmtp with ESMTPSA
>     id 9e0srwhHYTywR9e0urtWnm; Sun, 03 Dec 2023 04:23:29 +0000
> 
> All these headers except the first were added on the sender side, i.e.
> on the list server bendel.debian.org and in your mail provider's realm.
> 
> In a mail of mine to this list i see:
> 
>   Received: from bendel.debian.org ([82.195.75.100]) by mx-ha.gmx.net
>     (mxgmx009
>     [212.227.15.9]) with ESMTPS (Nemesis) id 1MMYsv-1qsRpG2aBT-00SPIm for
>     <scdbackup@gmx.net>; Fri, 01 Dec 2023 21:11:45 +0100
>   Received: from localhost (localhost [127.0.0.1])
>     by bendel.debian.org (Postfix) with QMQP
>     id 869AC20BB3; Fri,  1 Dec 2023 20:11:33 +0000 (UTC)
>   Received: from localhost (localhost [127.0.0.1])
>     by bendel.debian.org (Postfix) with ESMTP id 920DB20B9A
>     for <lists-debian-user@bendel.debian.org>; Fri,
>     1 Dec 2023 20:11:22 +0000 (UTC)
>   Received: from bendel.debian.org ([127.0.0.1])
>     by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525)
>     with ESMTP id g1fSuxvi8ZX9 for <lists-debian-user@bendel.debian.org>;
>     Fri,  1 Dec 2023 20:11:19 +0000 (UTC)
>   Received: from mout.gmx.net (mout.gmx.net [212.227.15.15])
>     (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
>      key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits)
>     server-digest SHA256)
>     (Client did not present a certificate)
>     by bendel.debian.org (Postfix) with ESMTPS id 14F4520A27
>     for <debian-user@lists.debian.org>; Fri,
>     1 Dec 2023 20:11:19 +0000 (UTC)
>   Received: from scdbackup.webframe.org ([91.8.169.164]) by mail.gmx.net
>     (mrgmx005 [212.227.17.190]) with ESMTPSA (Nemesis) id
>     1Mqs0R-1reJbZ24e1-00mwgO for <debian-user@lists.debian.org>; Fri,
>     01 Dec 2023 21:11:16 +0100
> 
> So there is one mail relay hop more on your side, before the mail reaches
> the Debian list server. I wonder whether this earns you the spam test
> attribute HEADER_FROM_DIFFERENT_DOMAINS which i don't get in my mails:
> 
>   X-Spam-Status: No, score=-12.0 required=4.0 tests=DKIM_SIGNED,DKIM_VALID,
>     DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,LDOSUBSCRIBER,LDO_WHITELIST,
>     RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,
>     T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no
>     version=3.4.2

The headers below are from a copy of the same email as the one of mine
you quoted above, from the top down to the standard headers. (Below
those, there's another load of less interesting? stuff.) I've lightly
redacted it.

  Return-Path: <bounce-debian-user=deblis=lionunicorn.co.uk@lists.debian.org>
  X-Original-To: deblis@lionunicorn.co.uk
  Delivered-To: …@lionunicorn.co.uk
  Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
      by cloud204.unlimitedwebhosting.co.uk (Postfix) with ESMTPS id F3D48C22F08
      for <deblis@lionunicorn.co.uk>; Sun,  3 Dec 2023 04:24:00 +0000 (GMT)
  Authentication-Results: cloud204.unlimitedwebhosting.co.uk;
      spf=none (sender IP is 82.195.75.100)
      smtp.mailfrom=bounce-debian-user=deblis=lionunicorn.co.uk@lists.debian.org
      smtp.helo=bendel.debian.org
  Received-SPF: none (cloud204.unlimitedwebhosting.co.uk: no valid SPF record)
  Received: from localhost (localhost [127.0.0.1])
      by bendel.debian.org (Postfix) with QMQP
      id 0F8C9209D5; Sun,  3 Dec 2023 04:23:55 +0000 (UTC)
  X-Mailbox-Line: From debian-user-request@lists.debian.org  Sun Dec  3 04:23:54 2023
  Old-Return-Path: <…xyz…@cox.net>
  X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on bendel.debian.org
  X-Spam-Level:
  X-Spam-Status: No, score=0.7 required=4.0 tests=CAPINIT,
      HEADER_FROM_DIFFERENT_DOMAINS,LDO_WHITELIST,META_ATTENDEES_DBSPAM1,
      RCVD_IN_DNSWL_NONE,T_SCC_BODY_TEXT_LINE autolearn=no
      autolearn_force=no version=3.4.2
  X-Original-To: lists-debian-user@bendel.debian.org
  Delivered-To: lists-debian-user@bendel.debian.org
  Received: from localhost (localhost [127.0.0.1])
      by bendel.debian.org (Postfix) with ESMTP id 0413D20837
      for <lists-debian-user@bendel.debian.org>; Sun,  3 Dec 2023 04:23:42 +0000 (UTC)
  X-Virus-Scanned: at lists.debian.org with policy bank en-ht
  X-Amavis-Spam-Status: No, score=-1.26 tagged_above=-10000 required=5.3
      tests=[BAYES_00=-2, CAPINIT=0.5, HEADER_FROM_DIFFERENT_DOMAINS=0.25,
      LDO_WHITELIST=-5, META_ATTENDEES_DBSPAM1=5,
      RCVD_IN_DNSWL_NONE=-0.0001, T_SCC_BODY_TEXT_LINE=-0.01]
      autolearn=no autolearn_force=no
  Received: from bendel.debian.org ([127.0.0.1])
      by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525)
      with ESMTP id 1Ym_tsLfWzf6 for <lists-debian-user@bendel.debian.org>;
      Sun,  3 Dec 2023 04:23:33 +0000 (UTC)
  X-policyd-weight: using cached result; rate: -5.5
  Received: from omta012.uswest2.a.cloudfilter.net (omta012.uswest2.a.cloudfilter.net
      [35.164.127.235])
      (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
      (Client CN "Client", Issuer "CA" (not verified))
      by bendel.debian.org (Postfix) with ESMTPS id 1A7BD209C6
      for <debian-user@lists.debian.org>; Sun,  3 Dec 2023 04:23:32 +0000 (UTC)
  Received: from cxr.smtp.a.cloudfilter.net ([10.0.16.145])
      by cmsmtp with ESMTP
      id 9deErTpHpaga99e0vrCJA8; Sun, 03 Dec 2023 04:23:29 +0000
  Received: from axis.corp ([68.102.133.185])
      by cmsmtp with ESMTPSA
      id 9e0srwhHYTywR9e0urtWnm; Sun, 03 Dec 2023 04:23:29 +0000
  Authentication-Results: cox.net; auth=pass (PLAIN) smtp.auth=…xyz…@cox.net
  X-Authority-Analysis: v=2.4 cv=UYJC9YeN c=1 sm=1 tr=0 ts=656c02c1
      a=… … …
  Date: Sat, 2 Dec 2023 22:23:26 -0600

The HELO is the name of the originating machine, here with the
IP address of the modem, and my envelope-from (MAIL FROM) is
the same as the partially redacted authentication credentials,
also shown here at Old-Return-Path:.

As far as spam detection/rejection is concerned, I've had more
trouble from spam filters on the way to debian-user than with
the list/bendel's own ones.

Cheers,
David.
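
Added example, not part of the original message: Python code that pulls the envelope sender out of the places the headers above record it (Return-Path:, Old-Return-Path:, and Exim's "(envelope-from <...>)" comment inside Received:) and compares its domain with the From: domain, the mismatch this thread presumes is behind HEADER_FROM_DIFFERENT_DOMAINS. The sample message, every address in it, and the two-label domain comparison are assumptions for illustration, not SpamAssassin's own rule logic.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: the header layout follows the ones quoted in this post,
# but every address and host name is a placeholder.
SAMPLE = """\
Return-Path: <bounce-list=reader=example.net@lists.example.org>
Received: from lists.example.org (lists.example.org [192.0.2.10])
    by mx.example.net (Postfix) with ESMTPS id F3D48C22F08
    for <reader@example.net>; Sun,  3 Dec 2023 04:24:00 +0000 (GMT)
Old-Return-Path: <list-gateway@m.relay.example.com>
Received: from list by relay.example.com with local (Exim 4.92)
    (envelope-from <list-gateway@m.relay.example.com>)
    id 1r7I1I-0001BZ-JA
    for list@lists.example.org; Sun, 26 Nov 2023 17:30:08 +0100
From: A Poster <poster@mail.example.info>
Subject: constructed sample

body
"""

ENV_FROM_RE = re.compile(r"\(envelope-from\s+<([^>]*)>\)", re.I)

def org_domain(addr):
    """Last two DNS labels of the address's domain (assumed simplification:
    no public-suffix handling, so domains under e.g. co.uk are not covered)."""
    domain = addr.rpartition("@")[2].lower()
    return ".".join(domain.split(".")[-2:])

def envelope_senders(msg):
    """Yield (header it was recorded in, address) for each envelope sender."""
    for name in ("Return-Path", "Old-Return-Path"):
        for value in msg.get_all(name, []):
            addr = parseaddr(value)[1]
            if addr:
                yield name, addr
    for value in msg.get_all("Received", []):
        m = ENV_FROM_RE.search(value)  # folded header lines are still one value
        if m and m.group(1):
            yield "Received", m.group(1)

def compare_with_from(raw):
    """Return [(source header, address, domain differs from From:), ...]."""
    msg = message_from_string(raw)
    from_dom = org_domain(parseaddr(msg.get("From", ""))[1])
    return [(src, addr, org_domain(addr) != from_dom)
            for src, addr in envelope_senders(msg)]
```

Return-Path: on a delivered list copy reflects the list's bounce address, so for what the list server's scanner saw, the Old-Return-Path: and Received: rows are the ones to read.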

