You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "James B. Byrne" <by...@harte-lyne.ca> on 2014/06/02 17:51:38 UTC
Header present but MISSING_FROM triggered
SA 3.3.1 (CentOS-6)
MISSING_FROM rule trigger.
I am curious about the behaviour of this rule. For example I can see this in
a recently received message:
. . .
> X-Spam-Status: No, score=-101.8 tagged_above=-999 required=2.5
> tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, BDY_DRUG=0.2, DKIM_SIGNED=0.1,
> DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MISSING_FROM=1.5,
> RP_MATCHES_RCVD=-0.5, USER_IN_WHITELIST=-100] autolearn=no
. . . -- much DKIM related stuff here including signature --
> Received: from 216.185.71.69
> (SquirrelMail authenticated user byrnejc)
> by webmail.harte-lyne.ca with HTTP;
> Mon, 2 Jun 2014 10:59:07 -0400
> Message-ID: <6f...@webmail.harte-lyne.ca>
> Date: Mon, 2 Jun 2014 10:59:07 -0400
> Subject: PKTA01453294 Guardian Drug PU#655787
> From: "James Byrne (Exports)" <by...@harte-lyne.ca>
> To: . . .
As far as I can tell this message has a From: header. Does MISSING_FROM test
for something else? I cannot tell what it does since all of the explanations
seem to have been removed from https://spamassassin.apache.org/tests.html.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
Re: Header present but MISSING_FROM triggered
Posted by Axb <ax...@gmail.com>.
On 06/02/2014 05:51 PM, James B. Byrne wrote:
> SA 3.3.1 (CentOS-6)
>
> MISSING_FROM rule trigger.
>
> I am curious about the behaviour of this rule. For example I can see this in
> a recently received message:
>
> . . .
>> X-Spam-Status: No, score=-101.8 tagged_above=-999 required=2.5
>> tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, BDY_DRUG=0.2, DKIM_SIGNED=0.1,
>> DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MISSING_FROM=1.5,
>> RP_MATCHES_RCVD=-0.5, USER_IN_WHITELIST=-100] autolearn=no
>
> . . . -- much DKIM related stuff here including signature --
>
>> Received: from 216.185.71.69
>> (SquirrelMail authenticated user byrnejc)
>> by webmail.harte-lyne.ca with HTTP;
>> Mon, 2 Jun 2014 10:59:07 -0400
>> Message-ID: <6f...@webmail.harte-lyne.ca>
>> Date: Mon, 2 Jun 2014 10:59:07 -0400
>> Subject: PKTA01453294 Guardian Drug PU#655787
>> From: "James Byrne (Exports)" <by...@harte-lyne.ca>
>> To: . . .
>
> As far as I can tell this message has a From: header. Does MISSING_FROM test
> for something else? I cannot tell what it does since all of the explanations
> seem to have been removed from https://spamassassin.apache.org/tests.html.
tried grepping in rules directory? ;-)
header __HAS_FROM exists:From
meta MISSING_FROM !__HAS_FROM
describe MISSING_FROM Missing From: header
rule is so simple it can hardly go wrong...
does it only hit your webmail msgs?
Re: Header present but MISSING_FROM triggered
Posted by John Hardin <jh...@impsec.org>.
On Mon, 2 Jun 2014, James B. Byrne wrote:
>> Received: from 216.185.71.69
>> (SquirrelMail authenticated user byrnejc)
>> by webmail.harte-lyne.ca with HTTP;
>> Mon, 2 Jun 2014 10:59:07 -0400
>> Message-ID: <6f...@webmail.harte-lyne.ca>
>> Date: Mon, 2 Jun 2014 10:59:07 -0400
>> Subject: PKTA01453294 Guardian Drug PU#655787
>> From: "James Byrne (Exports)" <by...@harte-lyne.ca>
>> To: . . .
Is that an accurate verbatim copy-paste from the actual raw message?
If so, the lack of indentation on the header continuation lines may be
screwing things up.
Any possibility of getting a pastebin of such a message?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Perfect Security and Absolute Safety are unattainable; beware
those who would try to sell them to you, regardless of the cost,
for they are trying to sell you your own slavery.
-----------------------------------------------------------------------
4 days until the 70th anniversary of D-Day
Re: Header present but MISSING_FROM triggered
Posted by John Hardin <jh...@impsec.org>.
On Mon, 2 Jun 2014, James B. Byrne wrote:
> * 1.2 MISSING_HEADERS Missing To: header
> * 1.2 MISSING_MID Missing Message-Id: header
> * 1.3 MISSING_SUBJECT Missing Subject: header
> * 1.5 MISSING_FROM Missing From: header
> * 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
> * 1.8 MISSING_DATE Missing Date: header
Your message headers are badly damaged, or there is a blank line at the
beginning of the message as passed to SA.
Again, is that sample of headers a verbatim copy-paste of the raw message?
The header continuation lines are not indented, but that may be an
artifact of pasting them into the body of an email. Again, can you provide
a pastebin of the raw form of that same message?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
There is no better measure of the unthinking contempt of the
environmentalist movement for civilization than their call to
turn off the lights and sit in the dark. -- Sultan Knish
-----------------------------------------------------------------------
4 days until the 70th anniversary of D-Day
Re: Header present but MISSING_FROM triggered
Posted by "James B. Byrne" <by...@harte-lyne.ca>.
Headers of test message (no webmail involved in this transmission as far as I
can tell):
Return-Path: <pr...@international.gc.ca>
Authentication-Results: inet08.hamilton.harte-lyne.ca (amavisd-new);
domainkeys=pass (1024-bit key)
header.from=X.Y@international.gc.ca
header.d=international.gc.ca
Received: from inet08.hamilton.harte-lyne.ca ([127.0.0.1])
by localhost (inet08.hamilton.harte-lyne.ca [127.0.0.1]) (amavisd-new, port
10024)
with ESMTP id 2EVW_2VhtCBf; Wed, 14 May 2014 14:04:46 -0400 (EDT)
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
client-ip=198.103.104.106; helo=mail5.international.gc.ca;
envelope-from=prvs=02119b6eb7=X.Y@international.gc.ca;
receiver=byrnejb@harte-lyne.ca
Received: from Mail5.international.gc.ca (mail5.international.gc.ca
[198.103.104.106])
by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTP;
Wed, 14 May 2014 14:04:44 -0400 (EDT)
DomainKey-Signature: a=rsa-sha1; s=mail5; d=international.gc.ca; q=dns; c=simple;
h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator:x-dm-mail-id:Content-Type:Content-Transfer-Encoding:MIME-Version:X-EXCLAIMER-MD-CONFIG;
b=lmAaCU5cd3SdRnGlpBpyNt/pO5t65+QhE2zcJJBRvp9D4rO78i1dp9+wg/oOO6RvJaiZAZoWFZhVJoo0GCQZaucJgSug8H80Prz4z9FCNIFzhISQadNUReGZBrEydgd6Tyi/FxnVSx/bceK93HDdvse7dxgWCyvpXVrctosiYjI=;
From: <X....@international.gc.ca>
To: <by...@harte-lyne.ca>
CC: <A....@harte-lyne.ca>
Subject: RE: EICS certificate recovery
Thread-Topic: EICS certificate recovery
Thread-Index: Ac9uHpqtIVvvPHvpQ9Sp07Y8FHGkPAAIbYmAAAhCWwD//8jEgP/9TqzA
Date: Wed, 14 May 2014 18:04:42 +0000
Message-ID:
<39...@LBP-DMEXM12.d.r.dfait-maeci.gc.ca>
References:
<39...@LBP-DMEXM12.d.r.dfait-maeci.gc.ca>
<46...@webmail.harte-lyne.ca>
<39...@LBP-DMEXM12.d.r.dfait-maeci.gc.ca>
<2c...@webmail.harte-lyne.ca>
In-Reply-To: <2c...@webmail.harte-lyne.ca>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-dm-mail-id: E87C2A5-A5F3-4435-AE91-A09EC7AF621D
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EXCLAIMER-MD-CONFIG: 170369b0-b740-4e85-860b-ed9d5c4fb69a
Received-SPF: none
Results:
spamassassin -D -L < local.test
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
inet08.hamilton.harte-lyne.ca
X-Spam-Flag: YES
X-Spam-Status: Yes, score=5.5 required=4.5 tests=BAYES_00,MISSING_DATE,
MISSING_FROM,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,
TVD_RCVD_SPACE_BRACKET,UNPARSEABLE_RELAY autolearn=no version=3.3.1
X-Spam-DCC: :
X-Spam-Level: *****
X-Spam-Pyzor:
X-Spam-Report:
* 0.0 TVD_RCVD_SPACE_BRACKET TVD_RCVD_SPACE_BRACKET
* 1.2 MISSING_HEADERS Missing To: header
* -1.5 BAYES_00 BODY: Bayes spam probability is 0 to 1%
* [score: 0.0000]
* 1.2 MISSING_MID Missing Message-Id: header
* 1.3 MISSING_SUBJECT Missing Subject: header
* 1.5 MISSING_FROM Missing From: header
* 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
* 1.8 MISSING_DATE Missing Date: header
;
I do not know why this is happening. Is there some switch I am supposed to
pass spamassasin when I use it on a message text file?
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3