You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2011/09/25 21:23:42 UTC

[Bug 6664] New: check_freemail_header() misses many domains

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6664

             Bug #: 6664
           Summary: check_freemail_header() misses many domains
           Product: Spamassassin
           Version: 3.3.1
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Plugins
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: cedric@gn.apc.org
    Classification: Unclassified


Created attachment 4972
  --> https://issues.apache.org/SpamAssassin/attachment.cgi?id=4972
Patch to Freemail.pm to catch freemail forgeries

FREEMAIL_FORGED_REPLYTO is missing about 50% of potential hits, because the
Reply-To address passed to _is_freemail() is usually terminated with a chevron
and/or newline.  As a result it only matches the regexes ending .*.  This is
because of a Perl programming error.  What is intended is:

@@ -419,7 +423,7 @@
         }
     }

-    my $email = lc($pms->get(index($header,':') ? $header : $header.":addr"));
+    my $email = lc($pms->get(index($header,':') >= 0 ? $header :
$header.":addr"));

     if ($email eq '') {
         dbg("header $header not found from mail");

However, there are further issues I'd suggest fixing at the same time. 
Firstly, a spammer wanting a reply to a freemail address might include it as
one of *multiple* addresses in a Reply-To header.  Hence, each should be tested
for freemail and compared to the From.  

Secondly, by adding an optional parameter for a header to compare to,
FREEMAIL_FORGED_REPLYTO could be made quite versatile and catch more freemail
spam in the first instance then FREEMAIL_REPLYTO (excluding lists and annoying
anomalies like Linkedin in the rules); also FREEMAIL_REPLYTO_END_DIGIT could
lose the FPs where From and Reply-To are equal (eg in a personalised Mailman
list); and various other combinations testing (X-)Sender and Errors-To against
>From become possible.  (I've tested the variant rules against a live stream and
would like to submit them for mass testing and scoring in a separate bug.)

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6664] check_freemail_header() misses many domains

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6664

--- Comment #5 from Mark Martinec <Ma...@ijs.si> 2011-10-04 16:49:17 UTC ---
> As a result it only matches the regexes ending .*.
> This is because of a Perl programming error.

A bug indeed, index() returns -1 on a failure.


Where does the $hdrexclude in the patch come from?
Should be declared, defined and documented.

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6664] check_freemail_header() misses many domains

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6664

Kevin A. McGrail <km...@pccc.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kmcgrail@pccc.com

--- Comment #4 from Kevin A. McGrail <km...@pccc.com> 2011-09-26 13:31:45 UTC ---
(In reply to comment #3)
> (BTW I have signed a CLA as listed at
> http://people.apache.org/committer-index.html#unlistedclas)

CLA status should be up to date.  Thanks.

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6664] check_freemail_header() misses many domains

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6664

Cedric Knight <ce...@gn.apc.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cedric@gn.apc.org

--- Comment #3 from Cedric Knight <ce...@gn.apc.org> 2011-09-25 19:53:02 UTC ---
(BTW I have signed a CLA as listed at
http://people.apache.org/committer-index.html#unlistedclas)

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6664] check_freemail_header() misses many domains

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6664

--- Comment #2 from Cedric Knight <ce...@gn.apc.org> 2011-09-25 19:30:32 UTC ---
Created attachment 4974
  --> https://issues.apache.org/SpamAssassin/attachment.cgi?id=4974
Easier test case caught by either complete or partial fix

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6664] check_freemail_header() misses many domains

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6664

--- Comment #1 from Cedric Knight <ce...@gn.apc.org> 2011-09-25 19:29:10 UTC ---
Created attachment 4973
  --> https://issues.apache.org/SpamAssassin/attachment.cgi?id=4973
Test case that intended code will miss

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.