You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2022/05/30 17:58:31 UTC
[Bug 8000] New: AMAZON_IMG_NOT_RCVD_AMZN rule producing false positives
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8000
Bug ID: 8000
Summary: AMAZON_IMG_NOT_RCVD_AMZN rule producing false
positives
Product: Spamassassin
Version: 3.4.0
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Rules
Assignee: dev@spamassassin.apache.org
Reporter: denis@gerasimov.net
Target Milestone: Undefined
Created attachment 5786
--> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5786&action=edit
Example of false positive
Every legit email from amazon ordering system produces this false positive for
me. Example attached
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 8000] AMAZON_IMG_NOT_RCVD_AMZN rule producing false positives
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8000
John Hardin <jh...@impsec.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WORKSFORME
CC| |jhardin@impsec.org
--- Comment #1 from John Hardin <jh...@impsec.org> ---
I cannot reproduce this FP in my SA test environment with the attached example.
May 30 20:07:11.714 [21295] dbg: rules-all: running header rule
__HDR_RCVD_AMAZON
May 30 20:07:11.714 [21295] dbg: rules: ran header rule __HDR_RCVD_AMAZON
======> got hit: " rdns=a13-123.smtp-out.amazonses.com "
...
May 30 20:07:12.731 [21295] dbg: rules-all: ran meta rule
__AMAZON_IMG_NOT_RCVD_AMZN, no hit
...
May 30 20:07:12.742 [21295] dbg: rules-all: ran meta rule
AMAZON_IMG_NOT_RCVD_AMZN, no hit
It's possible that the local-MTA Received header which prevents it from hitting
is not being added to the message by your MTA before it's being passed to
SpamAssassin for scanning. How is SpamAssassin glued onto your MTA?
Recommendations:
(1) whitelist Amazon (see below), these messages pass DKIM
(2) look into rule LOCAL_RND_SUBJ, that contributed more to the FP than
AMAZON_IMG_NOT_RCVD_AMZN did
(3) follow up the MTA glue question on the SpamAssasssin Users mailing list,
you'll get better results for rules questions there.
Suggested Amazon authenticated whitelisting:
whitelist_auth *@amazon.com
blacklist_from *@amazon.com
whitelist_auth *@*.amazon.com
blacklist_from *@*.amazon.com
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 8000] AMAZON_IMG_NOT_RCVD_AMZN rule producing false positives
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8000
Giovanni Bechis <gi...@paclan.it> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |giovanni@paclan.it
--- Comment #2 from Giovanni Bechis <gi...@paclan.it> ---
The submitted email hits UNPARSEABLE_RELAY, this probably makes
__HDR_RCVD_AMAZON fail.
Updating to a more recent SpamAssassin version will probably fix the issue.
--
You are receiving this mail because:
You are the assignee for the bug.