You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@issues.apache.org on 2010/04/14 02:51:46 UTC

[Bug 6296] Problem with DATE_IN_FUTURE_48_96 rule

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6296

--- Comment #4 from Stuart Schneider <he...@aronsonsecurity.com> 2010-04-13 20:51:44 EDT ---
I've got a little bit of an update on this.....it appears that the bug may be
with spamass-milter and the Received header that it generates.

Since the original report, SpamAssassin has been updated to the RPMforge/DAG
release of 3.3.1 (2010-03-16).

Here are the sendmail logs from a recent false-positive of the
DATE_IN_FUTURE_48_96 rule:

Apr 12 15:00:38 pdxgw1 sendmail[14752]: o3CM0YMx014752: Milter add: header:
X-Spam-Status: No, score=-101.8 required=5.0
tests=BAYES_00,\n\tDATE_IN_FUTURE_48_96,EXTRA_MPART_TYPE,HTML_MESSAGE,T_RP_MATCHES_RCVD,\n\tWHITELISTED,WHITE_TEXT
autolearn=disabled version=3.3.1
Apr 12 15:00:38 pdxgw1 sendmail[14752]: o3CM0YMx014752: Milter add: header:
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16)
on\n\tpdxgw1.{removed}.com


These are the relevant headers from the email:

Received: from {removed}.com (ex1.{removed}.com [67.88.100.172])    by
 pdxgw1.{removed}.com (8.13.8/8.13.8) with ESMTP id o3CM0YMx014752
    (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)    for
 <{removed}@{removed}.com>; Mon, 12 Apr 2010 15:00:35 -0700
Received: from ([10.1.1.10])    by mail.{removed}.com with ESMTP  id
 0822B00820.2144728;    Mon, 12 Apr 2010 16:00:33 -0600
Date: Mon, 12 Apr 2010 16:00:33 -0600
X-Spam-Status: No, score=-101.8 required=5.0 tests=BAYES_00,
    DATE_IN_FUTURE_48_96,EXTRA_MPART_TYPE,HTML_MESSAGE,T_RP_MATCHES_RCVD,
    WHITELISTED,WHITE_TEXT autolearn=disabled version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
    pdxgw1.{removed}.com


I have also been able to enable logging of the Received header generated by
spamass-milter as seen by SpamAssassin.  The Received headers that were passed
to SA are:

Received: from {removed}.com (ex1.{removed}.com [67.88.100.172])
    by pdxgw1.{removed}.com(8.13.8/8.13.8) with ESMTP id o3CM0YMx014752
    Thu, 8 Apr 2010 15:23:50 -0700
    (envelope-from <{removed}@{removed}.com>
Received: from ([10.1.1.10]) by mail.{removed}.com with ESMTP  id
0822B00820.2144728; Mon, 12 Apr 2010 16:00:33 -0600


The "Thu, 8 Apr 2010 15:23:50 -0700" Received date that SpamAssassin saw
appears to be in error.

I will attempt to follow-up with the group responsible for spamass-milter.

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.