spamassassin-users December 2011 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: RCVD_ILLEGAL_IP address range change nee

Re: RCVD_ILLEGAL_IP address range change needed?

From: Axb <axb.lists_at_nospam>
Date: Fri Dec 30 2011 - 09:02:23 GMT

On 2011-12-30 9:54, nealc wrote:
>
> Hi
>
> I get mail from 2.100.0.99 that's sent via Yahoo and delivered via
> Fasthosts, who use SA - headers below.
> The sender IP gets it a score of 3.2 RCVD_ILLEGAL_IP, as documented in
> http://wiki.apache.org/spamassassin/Rules/RCVD_ILLEGAL_IP which says
> 2.0.0.0/8 is Unallocated
> But whois -h whois.ripe.net reports 2.100.0.0 - 2.100.7.255 as allocated to
> the UK ISP TalkTalk.
>
> Looks like the 2.0.0.0/8 rule clause wants updating - who do I tell?

this has been "fixed" ages ago:

header RCVD_ILLEGAL_IP X-Spam-Relays-Untrusted =~ /
(?:by|ip)=(?=\d+\.\d+\.\d+\.\d+
)(?:0|2(?:2[4-9]|[3-5]\d)|192\.0\.2|198\.51\.100|203\.0\.113)\./

Fasthosts should patch/update their obsolete SA 3.2.5

> Neal
>
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
> spam_205.livemail.co.uk
> X-Spam-Level: *****
> X-Spam-Status: Yes, score=5.7 required=5.0 tests=HTML_MESSAGE,
> MIME_QP_LONG_LINE,RCVD_ILLEGAL_IP shortcircuit=no autolearn=disabled
> version=3.2.5
> X-Spam-Report:
> * 3.2 RCVD_ILLEGAL_IP Received: contains illegal IP address
> * 0.0 HTML_MESSAGE BODY: HTML included in message
> * 2.5 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
> Received: from nm11.bullet.mail.ukl.yahoo.com
> (nm11.bullet.mail.ukl.yahoo.com [217.146.183.185])
> by smtp-in-111.livemail.co.uk (Postfix) with SMTP id 7B9CC6540A8
> for ; Thu, 29 Dec 2011 16:55:32 +0000 (GMT)
> Received: from [217.146.183.213] by nm11.bullet.mail.ukl.yahoo.com with
> NNFMP; 29 Dec 2011 16:55:32 -0000
> Received: from [217.146.183.73] by tm6.bullet.mail.ukl.yahoo.com with NNFMP;
> 29 Dec 2011 16:55:32 -0000
> Received: from [127.0.0.1] by omp1034.mail.ukl.yahoo.com with NNFMP; 29 Dec
> 2011 16:55:32 -0000
> X-Yahoo-Newman-Property: ymail-3
> X-Yahoo-Newman-Id: 394450.95222.bm@omp1034.mail.ukl.yahoo.com
> Received: (qmail 48985 invoked by uid 60001); 29 Dec 2011 16:55:32 -0000
> Received: from [2.100.0.99] by web27601.mail.ukl.yahoo.com via HTTP; Thu, 29
> Dec 2011 16:55:31 GMT
> X-Mailer: YahooMailWebService/0.8.115.331698