You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Reio Remma <re...@mrstuudio.ee> on 2018/10/22 18:34:57 UTC
Extreme scores from FRNAME rules.
Hello!
I have this perfectly legit mail that has a +7.5 score from these three rules.
* 2.5 FRNAME_IN_MSG_XPRIO From name in message + X-Priority
* 2.5 XPRIO_SHORT_SUBJ Has X-Priority header + short subject
* 2.5 FRNAME_IN_MSG_NO_SUBJ From name in message + short or no subject
If it wasn't for the -1.9 from Bayes and -2.6 from TxRep, it would have been thrown away.
Should these XPRIO/FRNAME rules stack like this?
The e-mail in question is available here:
https://bz.apache.org/SpamAssassin/attachment.cgi?id=5607
Thanks!
Reio
Re: Extreme scores from FRNAME rules.
Posted by Reio Remma <re...@mrstuudio.ee>.
On 25/10/2018 14:06, Matus UHLAR - fantomas wrote:
>> On 25/10/2018 11:43, Matus UHLAR - fantomas wrote:
>>> On 25/10/2018 10:33, Matus UHLAR - fantomas wrote:
>>>>> bug number would help more...
>>>
>>> On 25.10.18 10:58, Reio Remma wrote:
>>>> The bug contains no additional info. :) I was simply asked to post
>>>> to the list.
>>>
>>> and this is exactly why it would be better to post the link to the
>>> bug, or
>>> at least the bug number, instead of just link to the attachment...
>
> On 25.10.18 11:46, Reio Remma wrote:
>> No worries. Here it is:
>>
>> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7644
>
> Good. I don't see FRNAME_IN_MSG_NO_SUBJ in rules now (apparently due to
> John Hardin's change) , but according to original description, they
> seem to
> match:
>
> * 2.5 FRNAME_IN_MSG_XPRIO From name in message + X-Priority
>
> A+B = 2.5
>
> * 2.5 XPRIO_SHORT_SUBJ Has X-Priority header + short subject
>
> B+C = 2.5
>
> * 2.5 FRNAME_IN_MSG_NO_SUBJ From name in message + short or no subject
>
> A+C = 2.5
>
> so, in fact neither of them overlaps, but they all three in common
> seem to match three different conditions, where final score was 3*2.5
>
>
> currently we have FRNAME_IN_MSG_XPRIO_NO_SUB which matches
>
> A+B+C
>
> but does not match short subject now.
>
> This could fix your problem, can you rescan the mail?
>
>
> current scores:
>
> score FRNAME_IN_MSG_NO_SUBJ 0.001 2.499 0.001 2.499
> score FRNAME_IN_MSG_XPRIO 0.001 2.499 0.001 2.499
> score FRNAME_IN_MSG_XPRIO_NO_SUB 2.499 0.001 2.499 0.001
> score XPRIO_SHORT_SUBJ 2.499 2.131 2.499 2.131
>
> note that FRNAME_IN_MSG_NO_SUBJ and FRNAME_IN_MSG_XPRIO are not defined.
Tested from command line and it only matched this now:
2.5 XPRIO_SHORT_SUBJ Has X-Priority header + short subject
That's much better. Thanks!
Reio
Re: Extreme scores from FRNAME rules.
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>On 25/10/2018 11:43, Matus UHLAR - fantomas wrote:
>>On 25/10/2018 10:33, Matus UHLAR - fantomas wrote:
>>>>bug number would help more...
>>
>>On 25.10.18 10:58, Reio Remma wrote:
>>>The bug contains no additional info. :) I was simply asked to post
>>>to the list.
>>
>>and this is exactly why it would be better to post the link to the
>>bug, or
>>at least the bug number, instead of just link to the attachment...
On 25.10.18 11:46, Reio Remma wrote:
>No worries. Here it is:
>
>https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7644
Good. I don't see FRNAME_IN_MSG_NO_SUBJ in rules now (apparently due to
John Hardin's change) , but according to original description, they seem to
match:
* 2.5 FRNAME_IN_MSG_XPRIO From name in message + X-Priority
A+B = 2.5
* 2.5 XPRIO_SHORT_SUBJ Has X-Priority header + short subject
B+C = 2.5
* 2.5 FRNAME_IN_MSG_NO_SUBJ From name in message + short or no subject
A+C = 2.5
so, in fact neither of them overlaps, but they all three in common seem to
match three different conditions, where final score was 3*2.5
currently we have FRNAME_IN_MSG_XPRIO_NO_SUB which matches
A+B+C
but does not match short subject now.
This could fix your problem, can you rescan the mail?
current scores:
score FRNAME_IN_MSG_NO_SUBJ 0.001 2.499 0.001 2.499
score FRNAME_IN_MSG_XPRIO 0.001 2.499 0.001 2.499
score FRNAME_IN_MSG_XPRIO_NO_SUB 2.499 0.001 2.499 0.001
score XPRIO_SHORT_SUBJ 2.499 2.131 2.499 2.131
note that FRNAME_IN_MSG_NO_SUBJ and FRNAME_IN_MSG_XPRIO are not defined.
I did first think of FRNAME_IN_MSG_XPRIO_NO_SUB balancing those three rules
- it could score negatively, so when mail would match all three meta-rules,
the final score wouldn't be triple of their scores.
however, I understand that such thing is too much for manual testing.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)
Re: Extreme scores from FRNAME rules.
Posted by Reio Remma <re...@mrstuudio.ee>.
On 25/10/2018 11:43, Matus UHLAR - fantomas wrote:
> On 25/10/2018 10:33, Matus UHLAR - fantomas wrote:
>>> bug number would help more...
>
> On 25.10.18 10:58, Reio Remma wrote:
>> The bug contains no additional info. :) I was simply asked to post to
>> the list.
>
> and this is exactly why it would be better to post the link to the
> bug, or
> at least the bug number, instead of just link to the attachment...
No worries. Here it is:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7644
Re: Extreme scores from FRNAME rules.
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>>On 22.10.18 21:34, Reio Remma wrote:
>>>I have this perfectly legit mail that has a +7.5 score from these
>>>three rules.
>>>
>>>* 2.5 FRNAME_IN_MSG_XPRIO From name in message + X-Priority
>>>* 2.5 XPRIO_SHORT_SUBJ Has X-Priority header + short subject
>>>* 2.5 FRNAME_IN_MSG_NO_SUBJ From name in message + short or no subject
>>>
>>>If it wasn't for the -1.9 from Bayes and -2.6 from TxRep, it would
>>>have been thrown away.
>>>
>>>Should these XPRIO/FRNAME rules stack like this?
>>>
>>>The e-mail in question is available here:
>>>
>>>https://bz.apache.org/SpamAssassin/attachment.cgi?id=5607
>On 25/10/2018 10:33, Matus UHLAR - fantomas wrote:
>>bug number would help more...
On 25.10.18 10:58, Reio Remma wrote:
>The bug contains no additional info. :) I was simply asked to post to
>the list.
and this is exactly why it would be better to post the link to the bug, or
at least the bug number, instead of just link to the attachment...
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.
Re: Extreme scores from FRNAME rules.
Posted by Reio Remma <re...@mrstuudio.ee>.
On 25/10/2018 10:33, Matus UHLAR - fantomas wrote:
> On 22.10.18 21:34, Reio Remma wrote:
>> I have this perfectly legit mail that has a +7.5 score from these
>> three rules.
>>
>> * 2.5 FRNAME_IN_MSG_XPRIO From name in message + X-Priority
>> * 2.5 XPRIO_SHORT_SUBJ Has X-Priority header + short subject
>> * 2.5 FRNAME_IN_MSG_NO_SUBJ From name in message + short or no subject
>>
>> If it wasn't for the -1.9 from Bayes and -2.6 from TxRep, it would
>> have been thrown away.
>>
>> Should these XPRIO/FRNAME rules stack like this?
>>
>> The e-mail in question is available here:
>>
>> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5607
>
> bug number would help more...
The bug contains no additional info. :) I was simply asked to post to
the list.
Reio
Re: Extreme scores from FRNAME rules.
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 22.10.18 21:34, Reio Remma wrote:
>I have this perfectly legit mail that has a +7.5 score from these three rules.
>
>* 2.5 FRNAME_IN_MSG_XPRIO From name in message + X-Priority
>* 2.5 XPRIO_SHORT_SUBJ Has X-Priority header + short subject
>* 2.5 FRNAME_IN_MSG_NO_SUBJ From name in message + short or no subject
>
>If it wasn't for the -1.9 from Bayes and -2.6 from TxRep, it would have been thrown away.
>
>Should these XPRIO/FRNAME rules stack like this?
>
>The e-mail in question is available here:
>
>https://bz.apache.org/SpamAssassin/attachment.cgi?id=5607
bug number would help more...
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are
Re: Extreme scores from FRNAME rules.
Posted by John Hardin <jh...@impsec.org>.
On Mon, 22 Oct 2018, Reio Remma wrote:
> Hello!
>
> I have this perfectly legit mail that has a +7.5 score from these three
> rules.
>
> * 2.5 FRNAME_IN_MSG_XPRIO From name in message + X-Priority
> * 2.5 XPRIO_SHORT_SUBJ Has X-Priority header + short subject
> * 2.5 FRNAME_IN_MSG_NO_SUBJ From name in message + short or no subject
>
> If it wasn't for the -1.9 from Bayes and -2.6 from TxRep, it would have been
> thrown away.
>
> Should these XPRIO/FRNAME rules stack like this?
>
> The e-mail in question is available here:
>
> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5607
I checked in some changes to reduce the overlap in the FRNAME rules. The
reason they are scoring that high even with overlap is those are strong
spam signs in the masscheck corpus.
And: Bayes and TxRep did exactly what they are supposed to do here.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Justice is justice, whereas "social justice" is code for one set
of rules for the rich, another for the poor; one set for whites,
another set for minorities; one set for straight men, another for
women and gays. In short, it's the opposite of actual justice.
-- Burt Prelutsky
-----------------------------------------------------------------------
571 days since the first commercial re-flight of an orbital booster (SpaceX)