User has dial-up IP. His ISP has put those on the PBL, because no mail should be originated directly from there.
He is authenticated and sends a mail via his mail-relay running qmail-scanner and netqmail to a user on another server.
Target is running spamassassin with RBL-checks enabled. Mail receives high spam scores/is being deleted/rejected.
Steps to Reproduce:
1. Use dial-up IP connection
2. Send - for easier testing - yourself a mail on a server running netqmail and qmail-scanner.
3. This will work, because qmail-scanner headers are inserted afterwards. But get the mail out of your delivery folder and run "spamassassin -t < mail" against it (RBL checks have to be enabled).
You will see high spam scores, because spamassassin doesn't strip qmail-scanner's Received: header, when mail is sent authenticated and thinks that it must do PBL-checks on your sender IP, because it doesn't detect authentication.
If target is running qmail-scanner without any adjustments, mail might be silently quarantined or even deleted.
Mail should be delivered, you should get -1 ALL-TRUSTED.
1. Change the Received: to X-Qmail-Scanner-Diagnostics: in qmail-scanner's .pl file --> prevents your mails from being deleted somewhere else.
Might be fixed in future versions, but I think this fix has to be backported, because i.e. current version 2.08 hasn't been unmasked yet, so some people might not be always running latest version ...
2. Change Spamassassin's code for handling qmail-scanner mails coming from others.
A maybe working fix can be found on spamassassin's bugzilla:
BTW: I would be for integrating that fix upstream, but when you read the comments until now, nobody upstream seems to be interested in getting this fixed in spamassassin ... --> maybe you want to tell them that this is a critical fix (although their claim that this should be fixed in qmail-scanner is correct, but that doesn't help you when you are dropping mails from others, who haven't fixed that yet ...)
BTW: maybe qmail-scanner's default should be changed to not quarantine but to reject, so sender is being informed instead of mails being silently dropped ...
Severity set to critical, because legitimate mails are handled as spam and so might be deleted (lost data ...).
Looks like this was fixed in 2.08 (and we will stabilize it soon)