You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2012/12/10 18:34:09 UTC
[Bug 6875] User with Zmailer getting flagged for TAB_IN_FROM and
KB_FROM_CONTAINS_TAB
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6875
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@pccc.com
--- Comment #1 from Kevin A. McGrail <km...@pccc.com> ---
For now, I've lowered the scores but I think this zmailer issue might need to
be looked into again from bug 6429.
svn commit -m 'Bug 6875 to try and lower scores re: tabs in date and from
header'
Sending rulesrc/sandbox/hege/20_hk.cf
Sending rulesrc/sandbox/kb/20_header.cf
Transmitting file data ..
Committed revision 1419599.
--
You are receiving this mail because:
You are the assignee for the bug.
Re: [Bug 6875] User with Zmailer getting flagged for TAB_IN_FROM
and KB_FROM_CONTAINS_TAB
Posted by John Hardin <jh...@impsec.org>.
On Mon, 10 Dec 2012, Axb wrote:
> On 12/10/2012 11:29 PM, John Hardin wrote:
>> On Mon, 10 Dec 2012, Axb wrote:
>>
>> > Why isn't Zmailer dev requested to fix it?
>> > Lowering our defenses for software which hardly anybody uses anymore
>> > and which hasn't seen a release since 2007?
>>
>> If the performance apart from zmailer is good in masscheck, then perhaps
>> an offsetting score for zmailer MUA only?
>
> Zmailer is a fossil of a MTA, not a MUA.
Ah. Ok. But the question is still valid, assuming there's some way to
identify Zmailer in the Received headers...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Activist: Someone who gets involved.
Unregistered Lobbyist: Someone who gets involved with something
the MSM doesn't approve of. -- WizardPC
-----------------------------------------------------------------------
5 days until Bill of Rights day
Re: [Bug 6875] User with Zmailer getting flagged for TAB_IN_FROM
and KB_FROM_CONTAINS_TAB
Posted by Axb <ax...@gmail.com>.
On 12/10/2012 11:29 PM, John Hardin wrote:
> On Mon, 10 Dec 2012, Axb wrote:
>
>> Why isn't Zmailer dev requested to fix it?
>> Lowering our defenses for software which hardly anybody uses anymore
>> and which hasn't seen a release since 2007?
>
> If the performance apart from zmailer is good in masscheck, then perhaps
> an offsetting score for zmailer MUA only?
>
Zmailer is a fossil of a MTA, not a MUA.
Re: [Bug 6875] User with Zmailer getting flagged for TAB_IN_FROM
and KB_FROM_CONTAINS_TAB
Posted by John Hardin <jh...@impsec.org>.
On Mon, 10 Dec 2012, Axb wrote:
> Why isn't Zmailer dev requested to fix it?
> Lowering our defenses for software which hardly anybody uses anymore and
> which hasn't seen a release since 2007?
If the performance apart from zmailer is good in masscheck, then perhaps
an offsetting score for zmailer MUA only?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Activist: Someone who gets involved.
Unregistered Lobbyist: Someone who gets involved with something
the MSM doesn't approve of. -- WizardPC
-----------------------------------------------------------------------
5 days until Bill of Rights day
Re: [Bug 6875] User with Zmailer getting flagged for TAB_IN_FROM
and KB_FROM_CONTAINS_TAB
Posted by Axb <ax...@gmail.com>.
On 12/10/2012 11:02 PM, Kevin A. McGrail wrote:
> On 12/10/2012 4:58 PM, Axb wrote:
>> On 12/10/2012 10:48 PM, Kevin A. McGrail wrote:
>>> On 12/10/2012 4:44 PM, Axb wrote:
>>>> Why isn't Zmailer dev requested to fix it?
>>> I don't even know what zmailer is ;-)
>>>> Lowering our defenses for software which hardly anybody uses anymore
>>>> and which hasn't seen a release since 2007?
>>>> (ftp://ftp.funet.fi/pub/unix/mail/zmailer/src/)
>>> I didn't consider it an issue since I couldn't find any hits with the
>>> rules in my corpora. Do you ever have it fire? Otherwise, it's a rule
>>> that has an S/O of 0 hitting only on Hams.
>>>
>>
>>
>> http://ruleqa.spamassassin.org/20121210-r1419267-n/TAB_IN_FROM/detail
>>
>> hitting 18% of our spam corpus.
>>
>> Wonder what the ham is in Darxus' corpus.....
> Wow, to go from 0 on my end checking a corpora of millions of messages
> to yours with an 18% hit. Possible something on your end is
> reformatting things to add it?
>
> Any rhyme or reason you can find?
Although these messages are passed thru SA, the subject is not
modified/tagged. Nothing modifies the "From" header unless procmail has
developed a new habit, although then it would have to hit way more of my
fraud corpus.
Also, the two corpus with the most hits: "foo" amd "sa-users" are very
similar and have many traits in common.
> Also I don't know that Darxus had the issue. This was a complaint from
> Apache infrastructure.
Re: [Bug 6875] User with Zmailer getting flagged for TAB_IN_FROM
and KB_FROM_CONTAINS_TAB
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 12/10/2012 4:58 PM, Axb wrote:
> On 12/10/2012 10:48 PM, Kevin A. McGrail wrote:
>> On 12/10/2012 4:44 PM, Axb wrote:
>>> Why isn't Zmailer dev requested to fix it?
>> I don't even know what zmailer is ;-)
>>> Lowering our defenses for software which hardly anybody uses anymore
>>> and which hasn't seen a release since 2007?
>>> (ftp://ftp.funet.fi/pub/unix/mail/zmailer/src/)
>> I didn't consider it an issue since I couldn't find any hits with the
>> rules in my corpora. Do you ever have it fire? Otherwise, it's a rule
>> that has an S/O of 0 hitting only on Hams.
>>
>
>
> http://ruleqa.spamassassin.org/20121210-r1419267-n/TAB_IN_FROM/detail
>
> hitting 18% of our spam corpus.
>
> Wonder what the ham is in Darxus' corpus.....
Wow, to go from 0 on my end checking a corpora of millions of messages
to yours with an 18% hit. Possible something on your end is
reformatting things to add it?
Any rhyme or reason you can find?
Also I don't know that Darxus had the issue. This was a complaint from
Apache infrastructure.
Regards,
KAM
Re: [Bug 6875] User with Zmailer getting flagged for TAB_IN_FROM
and KB_FROM_CONTAINS_TAB
Posted by Axb <ax...@gmail.com>.
On 12/10/2012 10:48 PM, Kevin A. McGrail wrote:
> On 12/10/2012 4:44 PM, Axb wrote:
>> Why isn't Zmailer dev requested to fix it?
> I don't even know what zmailer is ;-)
>> Lowering our defenses for software which hardly anybody uses anymore
>> and which hasn't seen a release since 2007?
>> (ftp://ftp.funet.fi/pub/unix/mail/zmailer/src/)
> I didn't consider it an issue since I couldn't find any hits with the
> rules in my corpora. Do you ever have it fire? Otherwise, it's a rule
> that has an S/O of 0 hitting only on Hams.
>
http://ruleqa.spamassassin.org/20121210-r1419267-n/TAB_IN_FROM/detail
hitting 18% of our spam corpus.
Wonder what the ham is in Darxus' corpus.....
Re: [Bug 6875] User with Zmailer getting flagged for TAB_IN_FROM
and KB_FROM_CONTAINS_TAB
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 12/10/2012 4:44 PM, Axb wrote:
> Why isn't Zmailer dev requested to fix it?
I don't even know what zmailer is ;-)
> Lowering our defenses for software which hardly anybody uses anymore
> and which hasn't seen a release since 2007?
> (ftp://ftp.funet.fi/pub/unix/mail/zmailer/src/)
I didn't consider it an issue since I couldn't find any hits with the
rules in my corpora. Do you ever have it fire? Otherwise, it's a rule
that has an S/O of 0 hitting only on Hams.
Regards,
KAM
Re: [Bug 6875] User with Zmailer getting flagged for TAB_IN_FROM
and KB_FROM_CONTAINS_TAB
Posted by Axb <ax...@gmail.com>.
On 12/10/2012 06:34 PM, bugzilla-daemon@bugzilla.spamassassin.org wrote:
> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6875
>
> Kevin A. McGrail <km...@pccc.com> changed:
>
> What |Removed |Added
> ----------------------------------------------------------------------------
> CC| |kmcgrail@pccc.com
>
> --- Comment #1 from Kevin A. McGrail <km...@pccc.com> ---
> For now, I've lowered the scores but I think this zmailer issue might need to
> be looked into again from bug 6429.
>
> svn commit -m 'Bug 6875 to try and lower scores re: tabs in date and from
> header'
>
>
> Sending rulesrc/sandbox/hege/20_hk.cf
> Sending rulesrc/sandbox/kb/20_header.cf
> Transmitting file data ..
> Committed revision 1419599.
>
Why isn't Zmailer dev requested to fix it?
Lowering our defenses for software which hardly anybody uses anymore and
which hasn't seen a release since 2007?
(ftp://ftp.funet.fi/pub/unix/mail/zmailer/src/)
imo, same should apply to any other software putting tabs all over the
place.