Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2008/04/17 03:46:20 UTC

[Bug 5884] New: check_whitelist_bounce_relays misclassifying mail as backscatter

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5884

           Summary: check_whitelist_bounce_relays misclassifying mail as
                    backscatter
           Product: Spamassassin
           Version: 3.2.4
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Plugins
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: jhaar@trimble.co.nz


Hi there

I'm trying to get Vbounce to tag backscatter correctly, and am finding that it
misclassifies Out of Office mail as backscatter.

Looking at "sub check_whitelist_bounce_relays" I think I can see why.

It looks for Received headers containing whitelist_bounce_relays, and if it
finds one, tags it as valid - it then marks all others as invalid (ie
backscatter). That is not the case. *only if* it found other Received headers
would that be the case.

How about this instead - I use $found_received to confirm there was at least
one Received header:

sub check_whitelist_bounce_relays {
  my ($self, $pms) = @_;

  my $body = $pms->get_decoded_stripped_body_text_array();
  my $res;
  my $found_received;

  # catch lines like:
  # Received: by dogma.boxhost.net (Postfix, from userid 1007)

  # check the plain-text body, first
  foreach my $line (@{$body}) {
    next unless ($line =~ /Received: /);
    $found_received++;
    while ($line =~ / (\S+\.\S+) /g) {
      return 1 if $self->_relay_is_in_whitelist_bounce_relays($pms, $1);
    }
  }

  # now check any "message/anything" attachment MIME parts, too.
  # don't use the more efficient find_parts() method until bug 5331 is
  # fixed, otherwise we'll miss some messages due to their MIME structure

  my $pristine = $pms->{msg}->get_pristine_body();
  foreach my $line ($pristine =~ /^(.*)$/gm) {
    next unless $line && ($line =~ /Received: /);
    $found_received++;
    while ($line =~ / (\S+\.\S+) /g) {
      return 1 if $self->_relay_is_in_whitelist_bounce_relays($pms, $1);
    }
  }
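  # No whitelisted relay matched. Only treat the message as backscatter if
  # the bounced text actually contained at least one Received header.
  if ($found_received) {
    return 0;
  } else {
    return 1;
  }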
}


-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 5884] check_whitelist_bounce_relays misclassifying mail as backscatter

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5884


Justin Mason <jm...@jmason.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




--- Comment #2 from Justin Mason <jm...@jmason.org>  2008-04-20 16:01:13 PST ---
applied to trunk:

: jm 134...; svn commit -m "bug 5884: BOUNCE_MESSAGE rules from the VBounce
ruleset should not match unless a message contains at least 1 Received: header.
 this allows locally-generated bounces to be rescued from being hit.  Fix
thanks to Jason Haar" lib/Mail/SpamAssassin/Plugin/VBounce.pm
Sending        lib/Mail/SpamAssassin/Plugin/VBounce.pm
Transmitting file data .
Committed revision 649996.



thanks Jason!

(btw committers -- note that I've started omitting patch contributors' email
addresses from commit messages. IMO they're redundant seeing as the linked
bugzilla entry contains them anyway.  shout if this annoys you ;)



[Bug 5884] check_whitelist_bounce_relays misclassifying mail as backscatter

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5884


Justin Mason <jm...@jmason.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED




--- Comment #7 from Justin Mason <jm...@jmason.org>  2008-07-10 07:38:25 PST ---
checked into trunk:

: jm 175...; svn commit -m "bug 5884: if a BOUNCE_MESSAGE-hitting message has
no Received headers, it can still be backscatter; check to see if the
bounce-generating MTA was trusted, and if not, classify as backscatter anyway,
since a mail from us to an external site should always contain Received headers
before it's bounced."
Sending        lib/Mail/SpamAssassin/Plugin/VBounce.pm
Sending        rules/20_vbounce.cf
Transmitting file data ..
Committed revision 675595.



[Bug 5884] check_whitelist_bounce_relays misclassifying mail as backscatter

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5884


Justin Mason <jm...@jmason.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |ASSIGNED




--- Comment #6 from Justin Mason <jm...@jmason.org>  2008-07-10 07:30:54 PST ---
(In reply to comment #1)
> good point -- a bounced message with no Received: headers should always be
> local.

actually, I'm partially wrong here.  This is only the case if the message was
generated by a trusted MTA.

Consider the case where a spam message contains your addr as the sender, and no
Received hdrs.  This message is sent to a remote MTA, and that MTA generates a
bounce; the bounce will contain that message, with no Received hdrs, but will
be sent to you.  It's still a backscatter bounce, and should be rejected, even
though it contains no Received hdrs in the bounced message!  The
"centroshop.ru" sample in that FNs mbox demonstrates this scenario.

So I'm going to change the "no Received headers found" check. instead, I'll
change it to a "generated by trusted relay" check.  In other words, the message
has to be generated by a trusted relay for it to evade the BOUNCE_MESSAGE 
rule.  This fixes the bug case you're talking about -- just add those
OOO-generating local relays to be in your trusted network set!


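[Added example, not part of the original thread and not SpamAssassin's own code.] A stand-alone Perl model of the three decision policies discussed in this bug: the original behaviour, the "no Received headers means local" change from comment #2, and the "generated by a trusted relay" change from comments #6 and #7. The whitelist matcher, the policy names, the trusted flag and the sample messages are constructed assumptions for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for whitelist_bounce_relays: exact, case-insensitive
# hostname match (an assumption; the plugin's own matcher is not shown above).
my %WHITELIST = map { lc($_) => 1 } qw(mx.example.com);

# Classify a message that already hit a bounce rule as 'legit' or 'backscatter'.
#   $body    - array ref of body lines (the bounced text)
#   $policy  - 'original', 'no_received_ok' (comment #2), 'trusted_only' (#6/#7)
#   $trusted - true if the bounce-generating MTA is in the trusted network set
sub classify_bounce {
  my ($body, $policy, $trusted) = @_;
  my $found_received = 0;
  foreach my $line (@$body) {
    next unless $line =~ /Received: /;
    $found_received++;
    # same token regex as the reported function; list context avoids
    # leaving a stale pos() on the caller's data between calls
    foreach my $host ($line =~ / (\S+\.\S+) /g) {
      return 'legit' if $WHITELIST{lc $host};
    }
  }
  # Received headers present but none of ours: backscatter under every policy
  return 'backscatter' if $policy eq 'original' || $found_received;
  # no Received headers at all in the bounced text
  return 'legit' if $policy eq 'no_received_ok';
  return $trusted ? 'legit' : 'backscatter';
}

# Constructed samples: [ description, body lines, bounce MTA trusted? ]
my @samples = (
  [ 'local out-of-office reply',
    [ 'I am out of the office until Monday.' ], 1 ],
  [ 'remote bounce of forged mail, no hdrs',
    [ 'Your message could not be delivered.' ], 0 ],
  [ 'genuine bounce via our relay',
    [ 'Received: from client.example.org by mx.example.com with ESMTP ' ], 0 ],
  [ 'bounce quoting a foreign relay',
    [ 'Received: from unknown by relay.example.net with SMTP ' ], 0 ],
);

foreach my $s (@samples) {
  my ($name, $body, $trusted) = @$s;
  printf "%-40s %s\n", $name, join '  ',
    map { "$_=" . classify_bounce($body, $_, $trusted) }
    qw(original no_received_ok trusted_only);
}
```

The second sample is the case comment #6 describes: under the comment #2 policy it is rescued, while the trusted-relay policy still classifies it as backscatter.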

[Bug 5884] check_whitelist_bounce_relays misclassifying mail as backscatter

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5884


Justin Mason <jm...@jmason.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
           Priority|P5                          |P2
         Resolution|FIXED                       |




--- Comment #3 from Justin Mason <jm...@jmason.org>  2008-05-17 01:17:22 PST ---
actually, may need to revisit this.

some bouncers don't include the entire bounced message, but we still want to be
able to refuse their noise (C/R, virus bounces for example).  so we need to
differentiate those senders from the general case, and not require Received
hdrs for those.



[Bug 5884] check_whitelist_bounce_relays misclassifying mail as backscatter

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5884





--- Comment #5 from Justin Mason <jm...@jmason.org>  2008-06-26 09:40:16 PST ---
Created an attachment (id=4343)
 --> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4343)
mbox of FNs



[Bug 5884] check_whitelist_bounce_relays misclassifying mail as backscatter

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5884


Justin Mason <jm...@jmason.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|Undefined                   |3.3.0




--- Comment #1 from Justin Mason <jm...@jmason.org>  2008-04-17 03:15:54 PST ---
good point -- a bounced message with no Received: headers should always be
local.



[Bug 5884] check_whitelist_bounce_relays misclassifying mail as backscatter

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5884





--- Comment #4 from Justin Mason <jm...@jmason.org>  2008-06-26 09:39:35 PST ---
(In reply to comment #3)
> actually, may need to revisit this.
> 
> some bouncers don't include the entire bounced message, but we still want to be
> able to refuse their noise (C/R, virus bounces for example).  so we need to
> differentiate those senders from the general case, and not require Received
> hdrs for those.

here's a selection of FNs I've collected along these lines; I'll figure out
what rules they're firing on, and exempt them from the "no Received == always
good" feature.

