Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2005/04/17 07:37:19 UTC

[Bug 4264] New: false positive for FORGED_YAHOO_RCVD

http://bugzilla.spamassassin.org/show_bug.cgi?id=4264

           Summary: false positive for FORGED_YAHOO_RCVD
           Product: Spamassassin
           Version: 3.0.2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: spamassassin
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: m_preston@yahoo.com


spamassassin 3.x (and most 2.6x releases) tags some legitimate yahoo mail with 
FORGED_YAHOO_RCVD.

The problem lies in this fairly recently (in use for over a year now) 
introduced mx relay:

Received: from web30910.mail.mud.yahoo.com (web30910.mail.mud.yahoo.com 
[68.142.200.163])

which is a real yahoo mx relay.

The fix for this is to apply this diff to: Mail/SpamAssassin/EvalTests.pm

502d501
<   if ($rcvd =~ /by web\S+\.mail\.mud\.yahoo\.com via HTTP/) { return 0; }
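
Review bot: The diff direction looks reversed. "502d501" followed by a "<" line is a normal-format diff that deletes line 502, while the description presents this line as the fix to apply, so it should appear as an addition (a ">" line under an "a" command). Regenerating it with "diff -u" from the unpatched file to the patched one would also give it file names and context. The pattern requires "by web... via HTTP", which the "Received: from web30910.mail.mud.yahoo.com" sample quoted above does not contain, so a complete Received header that the rule should exempt needs to accompany the patch. Because the exemption returns 0 on header text alone, the patch should also state which Received headers $rcvd holds, since only headers added by trusted relays can be relied on.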

-mark



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4264] false positive for FORGED_YAHOO_RCVD

Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4264





------- Additional Comments From Bob@Menschel.net  2005-04-23 16:58 -------
Created an attachment (id=2805)
 --> (http://bugzilla.spamassassin.org/attachment.cgi?id=2805&action=view)
Sample email which demonstrates this situation

Attached email can be used to demonstrate problem and validate fix. Many more
available if needed. 








------- Additional Comments From spamassassin@dostech.ca  2005-05-02 23:08 -------
Well Bob's example doesn't hit in 3.0.3, and you've yet to attach a *complete*
message (or at the very least a complete set of headers) to test against, so
you'll have to do so if you believe this is still an issue.





darrell@garnix.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |darrell@garnix.org








Bob@Menschel.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|Undefined                   |3.1.0




------- Additional Comments From Bob@Menschel.net  2005-04-23 16:58 -------
Since the fix seems to be so simple, and now with a demonstration email
attached, this seems reasonable for 3.1.0








------- Additional Comments From spamassassin@dostech.ca  2005-04-27 00:31 -------
Oops, I read that sample message wrong.  It in fact does have "via HTTP" in the
received header, never mind.








------- Additional Comments From spamassassin@dostech.ca  2005-05-02 19:14 -------
Yeah, this doesn't appear to hit in 3.0.3 either.





quinlan@pathname.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME




------- Additional Comments From quinlan@pathname.com  2005-04-30 19:32 -------
seems to work in SVN fine (no hit for that rule on this message), closing
as WORKSFORME









------- Additional Comments From mkettler_sa@comcast.net  2005-06-15 12:53 -------
For reference this fix is present in SA 3.0.4. 

It is the only diff between EvalTests.pm for 3.0.3 and 3.0.4, so anyone can
easily verify this if they doubt it.

I also verified 3.0.4's entire sub check_for_forged_yahoo_received_headers() to
be the same as that present in the 2005-06-10 SVN tarball.










------- Additional Comments From darrell@garnix.org  2005-05-10 12:09 -------
Created an attachment (id=2860)
 --> (http://bugzilla.spamassassin.org/attachment.cgi?id=2860&action=view)
A set of headers (addresses redacted) which trigger the bug for me

These headers seem to trigger this bug for me.

This is using spamassassin 3.0.2 through amavisd-new.





Bob@Menschel.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
OtherBugsDependingOnThis|                       |4274











------- Additional Comments From m_preston@yahoo.com  2005-05-02 22:56 -------
Subject: Re:  false positive for FORGED_YAHOO_RCVD

I haven't tried the latest SVN, but this is still very much an issue in
3.0.3 - when you're testing you need to make sure you are sending through
mail.mud.yahoo.com (and no I don't know how, when or why yahoo uses
this relay server but they do, a lot). Anyhow, here is a test with
3.0.3:

Message-ID: <20...@web30909.mail.mud.yahoo.com>
Received: from [64.37.145.213] by web30909.mail.mud.yahoo.com via HTTP;
Mon, 02 May 2005 22:48:03 PDT
Date: Mon, 2 May 2005 22:48:03 -0700 (PDT)
From: mark preston <so...@something.com>
Subject: testing
To: mpreston@mx1.something.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: * (1.401) BAYES_00,FORGED_YAHOO_RCVD
X-Scanned-By: SpamAssassin 3.000003
X-Recipient: <so...@mx1.something.com>
Return-Path: someone@something.com
X-OriginalArrivalTime: 03 May 2005 05:48:05.0005 (UTC)
FILETIME=[ACF6DBD0:01C54FA3]


--- bugzilla-daemon@bugzilla.spamassassin.org wrote:
> http://bugzilla.spamassassin.org/show_bug.cgi?id=4264
> 
> 
> 
> 
> 
> ------- Additional Comments From spamassassin@dostech.ca  2005-05-02
> 19:14 -------
> Yeah, this doesn't appear to hit in 3.0.3 either.
> 
> 
> 
> ------- You are receiving this mail because: -------
> You reported the bug, or are watching the reporter.
> 






------- Additional Comments From spamassassin@dostech.ca  2005-04-26 23:25 -------
Bob, do you have any messages that have "via HTTP" in them?  It seems Mark only
included half of the received header in his post, but his regexp looks for more
than what's in his example.

Basically if you've got a few samples of different Yahoo! received headers that
aren't currently detected correctly that you could attach to this bug that'd be
great.








------- Additional Comments From jm@jmason.org  2005-06-26 13:28 -------
fwiw, this was a dup of bug 4080








------- Additional Comments From spamassassin@dostech.ca  2005-05-10 20:13 -------
Darrell's message hits in 3.0.3 but doesn't in 3.1... so it's been fixed.


