You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Reindl Harald <h....@thelounge.net> on 2016/02/26 14:30:23 UTC
VERY_LONG_REPTO_SHORT_MSG
score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999 3.999 3.999
header __VERY_LONG_REPTO Reply-To =~ /[^\s\@]{20,}\@/
Reply-To: malgorzata.warminska@oranet.pl
very long?
20 chars?
4 points?
seriously?
that needs to be lower scored or 20 raised to much higher values
Re: VERY_LONG_REPTO_SHORT_MSG
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.02.2016 um 15:15 schrieb RW:
> On Fri, 26 Feb 2016 14:30:23 +0100
> Reindl Harald wrote:
>
>> score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999 3.999 3.999
>> header __VERY_LONG_REPTO Reply-To =~ /[^\s\@]{20,}\@/
>>
>> Reply-To: malsorzata.warminskw@oranet.pl
>>
>> very long?
>> 20 chars?
>> 4 points?
>> seriously?
>>
>> that needs to be lower scored or 20 raised to much higher values
>
> or perhaps include ".+-_" in the list of excluded
> characters - it's pretty reckless as it stands
>
> $ printf "<Richard.Milhous.Nixon" | wc -c
> 22
>
> $ printf "<homer.simpson+amazon" | wc -c
> 21
even the SHORT_MSG part is questionable, the FP was a hotel booking
request and we scored that down to fixed 0.5 points
* 9 not very long lines of normal content
* --
* --
* 8 signature lines, each prefixed with ":: "
combined with
* score REPLYTO_WITHOUT_TO_CC 2.399 1.946 0.607 1.552
* score MISSING_HEADERS 0.915 1.207 1.204 1.021
* score BAYES_50 0 0 2.0 0.8
the rule above is a posion pill, hits here 50% ham and 50 % spam while
the spam would have been rejected anyways
for 12 hits in the complete month not worth the troubles of a FP
Re: VERY_LONG_REPTO_SHORT_MSG
Posted by RW <rw...@googlemail.com>.
On Fri, 26 Feb 2016 14:30:23 +0100
Reindl Harald wrote:
> score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999 3.999 3.999
> header __VERY_LONG_REPTO Reply-To =~ /[^\s\@]{20,}\@/
>
> Reply-To: malgorzata.warminska@oranet.pl
>
> very long?
> 20 chars?
> 4 points?
> seriously?
>
> that needs to be lower scored or 20 raised to much higher values
or perhaps include ".+-_" in the list of excluded
characters - it's pretty reckless as it stands
$ printf "<Richard.Milhous.Nixon" | wc -c
22
$ printf "<homer.simpson+amazon" | wc -c
21
Re: VERY_LONG_REPTO_SHORT_MSG
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.02.2016 um 19:03 schrieb Bowie Bailey:
> On 2/26/2016 12:46 PM, Antony Stone wrote:
>> On Friday 26 February 2016 at 18:14:53, Axb wrote:
>>
>>> On 02/26/2016 06:04 PM, John Hardin wrote:
>>>> On Fri, 26 Feb 2016, Reindl Harald wrote:
>>>>> score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999 3.999 3.999
>>>>> header __VERY_LONG_REPTO Reply-To =~ /[^\s\@]{20,}\@/
>>>>>
>>>>> Reply-To: malgorzata.warminska@oranet.pl
>>>>>
>>>>> very long?
>>>>> 20 chars?
>>>>> 4 points?
>>>>> seriously?
>>>>>
>>>>> that needs to be lower scored or 20 raised to much higher values
>>>> OK, set to 25 and limit 3.5
>>> This rule is definitely bad.
>>> A lot of euro languages have domains with a ton of chars.
>>> imo, a lame excuse of a rule.
>>>
>>> my LOUD -1 for this kind of exercise.
>> And another from me (40 chars in my address, for example).
>>
>> Antony.Stone@SpamAssassin.Open.Source.IT
>
> Take another look at that regex. It's not matching domains. The match
> has to be followed by an @, so it is matching the user part of the address.
correct
> FWIW, the VERY_LONG_REPTO_SHORT_MSG rule has not hit anything at all on
> my server in the last month
and hence it's so bad, it don't hit any relevant amount of messages and
when it hits the FP risk is way too high - the few spam messages it hits
are blocked by enough other (more sensible) rules
Re: VERY_LONG_REPTO_SHORT_MSG
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Fri, 26 Feb 2016, Bowie Bailey wrote:
> On 2/26/2016 12:46 PM, Antony Stone wrote:
>> On Friday 26 February 2016 at 18:14:53, Axb wrote:
>>
>>> On 02/26/2016 06:04 PM, John Hardin wrote:
>>>> On Fri, 26 Feb 2016, Reindl Harald wrote:
>>>>> score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999 3.999 3.999
>>>>> header __VERY_LONG_REPTO Reply-To =~ /[^\s\@]{20,}\@/
>>>>>
>>>>> Reply-To: malgorzata.warminska@oranet.pl
>>>>>
>>>>> very long?
>>>>> 20 chars?
>>>>> 4 points?
>>>>> seriously?
>>>>>
>>>>> that needs to be lower scored or 20 raised to much higher values
>>>> OK, set to 25 and limit 3.5
>>> This rule is definitely bad.
>>> A lot of euro languages have domains with a ton of chars.
>>> imo, a lame excuse of a rule.
>>>
>>> my LOUD -1 for this kind of exercise.
>> And another from me (40 chars in my address, for example).
>>
>>
>> Antony.Stone@SpamAssassin.Open.Source.IT
>
> Take another look at that regex. It's not matching domains. The match has
> to be followed by an @, so it is matching the user part of the address.
>
> FWIW, the VERY_LONG_REPTO_SHORT_MSG rule has not hit anything at all on my
> server in the last month.
We had to tune that rule down quite a while ago. When you have an institutional
system which generates e-mail addresses based upon transliterated first-lastname
and have an international user community (including Latinos, people from
the middle-east or asian-Indians) you end up with addresses such as:
chethyaupalakXYZ-ranasinghe@uiowa.edu
hernan-nabucolevaXYZreirafreitas@uiowa.edu
ammarsahibabdulameer-XYZhafaji@uiowa.edu
So we see regular FPs on that rule (say 5~10 per month)
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: VERY_LONG_REPTO_SHORT_MSG
Posted by Bowie Bailey <Bo...@BUC.com>.
On 2/26/2016 12:46 PM, Antony Stone wrote:
> On Friday 26 February 2016 at 18:14:53, Axb wrote:
>
>> On 02/26/2016 06:04 PM, John Hardin wrote:
>>> On Fri, 26 Feb 2016, Reindl Harald wrote:
>>>> score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999 3.999 3.999
>>>> header __VERY_LONG_REPTO Reply-To =~ /[^\s\@]{20,}\@/
>>>>
>>>> Reply-To: malgorzata.warminska@oranet.pl
>>>>
>>>> very long?
>>>> 20 chars?
>>>> 4 points?
>>>> seriously?
>>>>
>>>> that needs to be lower scored or 20 raised to much higher values
>>> OK, set to 25 and limit 3.5
>> This rule is definitely bad.
>> A lot of euro languages have domains with a ton of chars.
>> imo, a lame excuse of a rule.
>>
>> my LOUD -1 for this kind of exercise.
> And another from me (40 chars in my address, for example).
>
>
> Antony.Stone@SpamAssassin.Open.Source.IT
Take another look at that regex. It's not matching domains. The match
has to be followed by an @, so it is matching the user part of the address.
FWIW, the VERY_LONG_REPTO_SHORT_MSG rule has not hit anything at all on
my server in the last month.
--
Bowie
Re: VERY_LONG_REPTO_SHORT_MSG
Posted by John Hardin <jh...@impsec.org>.
On Fri, 26 Feb 2016, Antony Stone wrote:
> On Friday 26 February 2016 at 18:14:53, Axb wrote:
>
>> On 02/26/2016 06:04 PM, John Hardin wrote:
>>> On Fri, 26 Feb 2016, Reindl Harald wrote:
>>>> score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999 3.999 3.999
>>>> header __VERY_LONG_REPTO Reply-To =~ /[^\s\@]{20,}\@/
>>>>
>>>> Reply-To: malgorzata.warminska@oranet.pl
>>>>
>>>> very long?
>>>> 20 chars?
>>>> 4 points?
>>>> seriously?
>>>>
>>>> that needs to be lower scored or 20 raised to much higher values
>>>
>>> OK, set to 25 and limit 3.5
>>
>> This rule is definitely bad.
>> A lot of euro languages have domains with a ton of chars.
>> imo, a lame excuse of a rule.
>>
>> my LOUD -1 for this kind of exercise.
>
> And another from me (40 chars in my address, for example).
>
>
> Antony.Stone@SpamAssassin.Open.Source.IT
It's not based on the domain part. 12 chars in that example does not
trigger the rule.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The ["assault weapons"] ban is the moral equivalent of banning red
cars because they look too fast. -- Steve Chapman, Chicago Tribune
-----------------------------------------------------------------------
67 days since the first successful real return to launch site (SpaceX)
Re: VERY_LONG_REPTO_SHORT_MSG
Posted by Antony Stone <An...@spamassassin.open.source.it>.
On Friday 26 February 2016 at 18:14:53, Axb wrote:
> On 02/26/2016 06:04 PM, John Hardin wrote:
> > On Fri, 26 Feb 2016, Reindl Harald wrote:
> >> score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999 3.999 3.999
> >> header __VERY_LONG_REPTO Reply-To =~ /[^\s\@]{20,}\@/
> >>
> >> Reply-To: malgorzata.warminska@oranet.pl
> >>
> >> very long?
> >> 20 chars?
> >> 4 points?
> >> seriously?
> >>
> >> that needs to be lower scored or 20 raised to much higher values
> >
> > OK, set to 25 and limit 3.5
>
> This rule is definitely bad.
> A lot of euro languages have domains with a ton of chars.
> imo, a lame excuse of a rule.
>
> my LOUD -1 for this kind of exercise.
And another from me (40 chars in my address, for example).
Antony.Stone@SpamAssassin.Open.Source.IT
--
"Once you have a panic, things tend to become rather undefined."
- murble
Please reply to the list;
please *don't* CC me.
Re: VERY_LONG_REPTO_SHORT_MSG
Posted by John Hardin <jh...@impsec.org>.
On Fri, 26 Feb 2016, Axb wrote:
> On 02/26/2016 06:04 PM, John Hardin wrote:
>> On Fri, 26 Feb 2016, Reindl Harald wrote:
>>
>> > score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999 3.999 3.999
>> > header __VERY_LONG_REPTO Reply-To =~ /[^\s\@]{20,}\@/
>> >
>> > Reply-To: malgorzata.warminska@oranet.pl
>> >
>> > very long?
>> > 20 chars?
>> > 4 points?
>> > seriously?
>> >
>> > that needs to be lower scored or 20 raised to much higher values
>>
>> OK, set to 25 and limit 3.5
>
> This rule is definitely bad.
> A lot of euro languages have domains with a ton of chars.
It's not based on the domain part.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The ["assault weapons"] ban is the moral equivalent of banning red
cars because they look too fast. -- Steve Chapman, Chicago Tribune
-----------------------------------------------------------------------
67 days since the first successful real return to launch site (SpaceX)
Re: VERY_LONG_REPTO_SHORT_MSG
Posted by Axb <ax...@gmail.com>.
On 02/26/2016 08:10 PM, John Hardin wrote:
> On Fri, 26 Feb 2016, Axb wrote:
>
>> On 02/26/2016 07:07 PM, RW wrote:
>>> On Fri, 26 Feb 2016 18:14:53 +0100
>>> Axb wrote:
>>>
>>> > On 02/26/2016 06:04 PM, John Hardin wrote:
>>> > > On Fri, 26 Feb 2016, Reindl Harald wrote:
>>> > > > > > score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999
>>> 3.999 3.999
>>> > > > header __VERY_LONG_REPTO Reply-To
>>> > > > =~ /[^\s\@]{20,}\@/
>>> > > > > > > Reply-To: malgorzata.warminska@oranet.pl
>>> > > > > > > very long?
>>> > > > 20 chars?
>>> > > > 4 points?
>>> > > > seriously?
>>> > > > > > > that needs to be lower scored or 20 raised to much
>>> higher values
>>> > > > > OK, set to 25 and limit 3.5
>>> > > > > This rule is definitely bad.
>>> > A lot of euro languages have domains with a ton of chars.
>>> > imo, a lame excuse of a rule.
>>>
>>> It's actually the local-part rather than the domain.
>>>
>>> I notice that lots of companies use reply-to addresses with
>>> very long identifiers - e.g. my credit card company and ISP both use
>>> the form:
>>>
>>> support-7d83jt8tjd746h49tg9hk5d8jgf87f@...
>>
>> oops - missed the right side... then it's even worse...
>> sorry... no matter if left or right of the @, I still think it's lame...
>
> OK, scored rule disabled.
I don't understand how it got that score with this kind of hit rate
http://ruleqa.spamassassin.org/20160225-r1732263-n/VERY_LONG_REPTO_SHORT_MSG/detail
seems scary that a S/O of 1 coming from such a small sample set can push
the score so high...
Re: VERY_LONG_REPTO_SHORT_MSG
Posted by John Hardin <jh...@impsec.org>.
On Fri, 26 Feb 2016, Axb wrote:
> On 02/26/2016 07:07 PM, RW wrote:
>> On Fri, 26 Feb 2016 18:14:53 +0100
>> Axb wrote:
>>
>> > On 02/26/2016 06:04 PM, John Hardin wrote:
>> > > On Fri, 26 Feb 2016, Reindl Harald wrote:
>> > >
>> > > > score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999 3.999 3.999
>> > > > header __VERY_LONG_REPTO Reply-To
>> > > > =~ /[^\s\@]{20,}\@/
>> > > >
>> > > > Reply-To: malgorzata.warminska@oranet.pl
>> > > >
>> > > > very long?
>> > > > 20 chars?
>> > > > 4 points?
>> > > > seriously?
>> > > >
>> > > > that needs to be lower scored or 20 raised to much higher values
>> > >
>> > > OK, set to 25 and limit 3.5
>> > >
>> >
>> > This rule is definitely bad.
>> > A lot of euro languages have domains with a ton of chars.
>> > imo, a lame excuse of a rule.
>>
>> It's actually the local-part rather than the domain.
>>
>> I notice that lots of companies use reply-to addresses with
>> very long identifiers - e.g. my credit card company and ISP both use
>> the form:
>>
>> support-7d83jt8tjd746h49tg9hk5d8jgf87f@...
>
> oops - missed the right side... then it's even worse...
> sorry... no matter if left or right of the @, I still think it's lame...
OK, scored rule disabled.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
But if there is no such inalienable right [to self defense], the
entire nature of the social contract is changed. Each man’s worth
is measured solely by his utility to the state, and as such the
value of his life rides a roller coaster not unlike the stock
market: dependent not only upon the preferences of the party in
power but upon the whims of its political leaders and the
permanent bureaucratic class. -- Mike McDaniel
-----------------------------------------------------------------------
67 days since the first successful real return to launch site (SpaceX)
Re: VERY_LONG_REPTO_SHORT_MSG
Posted by Axb <ax...@gmail.com>.
On 02/26/2016 07:07 PM, RW wrote:
> On Fri, 26 Feb 2016 18:14:53 +0100
> Axb wrote:
>
>> On 02/26/2016 06:04 PM, John Hardin wrote:
>>> On Fri, 26 Feb 2016, Reindl Harald wrote:
>>>
>>>> score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999 3.999 3.999
>>>> header __VERY_LONG_REPTO Reply-To
>>>> =~ /[^\s\@]{20,}\@/
>>>>
>>>> Reply-To: malgorzata.warminska@oranet.pl
>>>>
>>>> very long?
>>>> 20 chars?
>>>> 4 points?
>>>> seriously?
>>>>
>>>> that needs to be lower scored or 20 raised to much higher values
>>>
>>> OK, set to 25 and limit 3.5
>>>
>>
>> This rule is definitely bad.
>> A lot of euro languages have domains with a ton of chars.
>> imo, a lame excuse of a rule.
>
> It's actually the local-part rather than the domain.
>
> I notice that lots of companies use reply-to addresses with
> very long identifiers - e.g. my credit card company and ISP both use
> the form:
>
> support-7d83jt8tjd746h49tg9hk5d8jgf87f@...
>
oops - missed the right side... then it's even worse...
sorry... no matter if left or right of the @, I still think it's lame...
Re: VERY_LONG_REPTO_SHORT_MSG
Posted by RW <rw...@googlemail.com>.
On Fri, 26 Feb 2016 18:14:53 +0100
Axb wrote:
> On 02/26/2016 06:04 PM, John Hardin wrote:
> > On Fri, 26 Feb 2016, Reindl Harald wrote:
> >
> >> score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999 3.999 3.999
> >> header __VERY_LONG_REPTO Reply-To
> >> =~ /[^\s\@]{20,}\@/
> >>
> >> Reply-To: malgorzata.warminska@oranet.pl
> >>
> >> very long?
> >> 20 chars?
> >> 4 points?
> >> seriously?
> >>
> >> that needs to be lower scored or 20 raised to much higher values
> >
> > OK, set to 25 and limit 3.5
> >
>
> This rule is definitely bad.
> A lot of euro languages have domains with a ton of chars.
> imo, a lame excuse of a rule.
It's actually the local-part rather than the domain.
I notice that lots of companies use reply-to addresses with
very long identifiers - e.g. my credit card company and ISP both use
the form:
support-7d83jt8tjd746h49tg9hk5d8jgf87f@...
Re: VERY_LONG_REPTO_SHORT_MSG
Posted by Axb <ax...@gmail.com>.
On 02/26/2016 06:04 PM, John Hardin wrote:
> On Fri, 26 Feb 2016, Reindl Harald wrote:
>
>> score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999 3.999 3.999
>> header __VERY_LONG_REPTO Reply-To =~ /[^\s\@]{20,}\@/
>>
>> Reply-To: malgorzata.warminska@oranet.pl
>>
>> very long?
>> 20 chars?
>> 4 points?
>> seriously?
>>
>> that needs to be lower scored or 20 raised to much higher values
>
> OK, set to 25 and limit 3.5
>
This rule is definitely bad.
A lot of euro languages have domains with a ton of chars.
imo, a lame excuse of a rule.
my LOUD -1 for this kind of exercise.
Re: VERY_LONG_REPTO_SHORT_MSG
Posted by John Hardin <jh...@impsec.org>.
On Fri, 26 Feb 2016, Reindl Harald wrote:
> score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999 3.999 3.999
> header __VERY_LONG_REPTO Reply-To =~ /[^\s\@]{20,}\@/
>
> Reply-To: malgorzata.warminska@oranet.pl
>
> very long?
> 20 chars?
> 4 points?
> seriously?
>
> that needs to be lower scored or 20 raised to much higher values
OK, set to 25 and limit 3.5
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
End users want eye candy and the "ooo's and aaaahhh's" experience
when reading mail. To them email isn't a tool, but an entertainment
form. -- Steve Lake
-----------------------------------------------------------------------
67 days since the first successful real return to launch site (SpaceX)