INVALID_TZ_EST flagged in all emails

["Brian C. Huffman" <bh...@graze.net>]

All,

I've searched but can not find the answer to this.  I'm running RedHat Enterprise Linux v4 with all latest updates and am using the amavisd-milter to call amavisd-new (v2.4.4) which in turn is using spamd (spamassassin v3.1.7).  It appears that every single email that's getting filtered is getting the INVALID_TZ_EST attached.  Even something as simple as just piping the text "test" through sendmail to root gives this result:

From root@graze.net  Mon Jan 22 16:20:37 2007
X-Virus-Scanned: amavisd-new at graze.net
X-Spam-Score: 4.29
X-Spam-Level: ****
X-Spam-Status: No, score=4.29 tagged_above=-9999 required=5
        tests=[ALL_TRUSTED=-1.8, AWL=-0.568, BAYES_60=1,
        DATE_IN_FUTURE_03_06=1.961, INVALID_TZ_EST=1.883,
        MISSING_SUBJECT=1.816, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
Date: Mon, 22 Jan 2007 16:20:26 -0500
From: root <ro...@graze.net>
To: root@graze.net

test

What can I do to determine what is causing that test to fail?

Thanks,
Brian

Re: INVALID_TZ_EST flagged in all emails

[Theo Van Dinter <fe...@apache.org>]

On Tue, Jan 23, 2007 at 01:04:24PM -0500, Brian C. Huffman wrote:
> I'm running RedHat Enterprise Linux v4 with all latest updates and am using the amavisd-milter to call amavisd-new (v2.4.4) which in turn is using spamd (spamassassin v3.1.7).  It appears that every single email that's getting filtered is getting the INVALID_TZ_EST attached.  Even something as simple as just piping the text "test" through sendmail to root gives this result:
> 
> From root@graze.net  Mon Jan 22 16:20:37 2007
> X-Virus-Scanned: amavisd-new at graze.net
> Date: Mon, 22 Jan 2007 16:20:26 -0500
> To: root@graze.net
> 
> What can I do to determine what is causing that test to fail?

I can't reproduce your problem.  There is indeed a a rule that looks for
questionable EST-related timezone statements, but there aren't any in your
sample mail.  Specifically, the rule needs "EST" to show up in a header, which
doesn't for you.

Try running the mail through spamassassin manually.  If it works fine, you
need to debug the other stuff and figure out where the problem is.

-- 
Randomly Selected Tagline:
"So Lone Star ... Now you see that evil will always triumph because good is
 dumb."                     - Space Balls

Re: INVALID_TZ_EST flagged in all emails

["Daryl C. W. O'Shea" <sp...@dostech.ca>]

Brian C. Huffman wrote:

> Looking through /usr/sbin/amavisd, it appears that it *does not* add the Received header if it is called via a milter (which it is).  So, this wouldn't seem to be the issue.

New versions do.  The old versions that don't are broken and have 
greater issues (most DNSBL tests and other stuff is broken) than 
INVALID_TZ_EST firing.

Daryl

Re: INVALID_TZ_EST flagged in all emails

["Daryl C. W. O'Shea" <sp...@dostech.ca>]

[back on list]

Brian C. Huffman wrote:
> On Tue, 2007-01-23 at 16:55 -0500, Daryl C. W. O'Shea wrote:
>> Brian C. Huffman wrote:
>>
>>> Looking through /usr/sbin/amavisd, it appears that it *does not* add the Received header if it is called via a milter (which it is).  So, this wouldn't seem to be the issue.
>> New versions do.  The old versions that don't are broken and have 
>> greater issues (most DNSBL tests and other stuff is broken) than 
>> INVALID_TZ_EST firing.
>>
>> Daryl
> 
> Why wouldn't sendmail itself insert the proper Received line and then
> pass to amavisd (via the milter)?

The milter interface passes the headers and body as received.  It does 
not first prepend the received header for the local hop.


>  Here are a couple of lines
> from /usr/sbin/amavisd that suggested to me that it wasn't inserting a
> header:
> 
> Line 573:
>   $insert_received_line = 1; # insert Received: header field? (not with
> milter)
> 
> Now that could mean that they think you should set it to "0" if you're
> doing a milter although it sounds like you're saying that's not the
> correct way.

I have no idea what the "not with milter" comment means, or the context 
that code is in.  I've never looked at, or downloaded, the amavisd 
source... I'm having a good day if I spell amavisd correctly.


> And then again this group of lines looks to me like it won't add the
> received line if delivery_method = '' (which it would for milter,
> wouldn't it)?
> 
>   # misnomer, this _is_ the Received line
>   $hdr_edits->append_header_above_received('Received',
>     received_line($conn,$msginfo,$msginfo->mail_id,1), 1)
>     if c('insert_received_line') && $msginfo->delivery_method ne '' &&
>        $allowed_hdrs && $allowed_hdrs->{lc('Received')};
>   $hdr_edits;
> }
> 
> and again here which does say that if it's implicit delivery,
> deliver_method='':
> sub delivery_method # delivery method, or empty for implicit delivery
> (milter)
>   { my($self)=shift; !@_ ?
> $self->{deliv_method}:($self->{deliv_method}=shift)}

I'm not sure exactly what Received header this is referring to.  Does 
amavisd add some sort of "Received from localhost/wherever by amavisd"?

If it's not some "Received ... by amavisd" header, I can't think of a 
reason why it would be adding Received headers EXCEPT for when it's 
acting as a milter.


> I do appreciate your help, I'm just trying to understand how this all
> works.  

You are running the latest version of amavisd, correct?  I know for 
*sure* that a milter must fake a received header before passing the 
message to SA and I'm 99.9% sure that it was amavisd that wasn't doing 
this only a couple of months ago.

Of course, there's a good possibility that it's not related to amavisd 
(since nobody else seems to be seeing the INVALID_TZ_EST hits), but 
given your simple test message passed through, the only other thing I 
can think of is some screwed up timezone setting in your MTA config.


Daryl

RE: INVALID_TZ_EST flagged in all emails

["Brian C. Huffman" <bh...@graze.net>]

----- Original Message -----
From: Daryl C. W. O'Shea <sp...@dostech.ca>
Sent: Tue, 1/23/2007 4:11pm
To: Brian C. Huffman <bh...@graze.net>
Cc: users@spamassassin.apache.org
Subject: Re: INVALID_TZ_EST flagged in all emails
>
> It sounds like it may be an issue with the received header that amavisd 
> is faking (as required) when it passes the message to SA.
>
> Daryl


Looking through /usr/sbin/amavisd, it appears that it *does not* add the Received header if it is called via a milter (which it is).  So, this wouldn't seem to be the issue.

Thanks - I'm still looking.  I'll try to run this through spamassassin w/o amavis when I get home this evening.

-b

Re: INVALID_TZ_EST flagged in all emails

["Daryl C. W. O'Shea" <sp...@dostech.ca>]

Brian C. Huffman wrote:
> All,
> 
> I've searched but can not find the answer to this.  I'm running RedHat 
> Enterprise Linux v4 with all latest updates and am using the 
> amavisd-milter to call amavisd-new (v2.4.4) which in turn is using spamd 
> (spamassassin v3.1.7).  It appears that every single email that's 
> getting filtered is getting the INVALID_TZ_EST attached.  Even something 
> as simple as just piping the text "test" through sendmail to root gives 
> this result:

It sounds like it may be an issue with the received header that amavisd 
is faking (as required) when it passes the message to SA.

Daryl