You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2009/02/11 15:09:56 UTC
[Bug 6064] New: false positive: el-al e-ticket
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6064
Summary: false positive: el-al e-ticket
Product: Spamassassin
Version: 3.2.5
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: Rules
AssignedTo: dev@spamassassin.apache.org
ReportedBy: dot@dotat.at
Created an attachment (id=4433)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4433)
El-Al e-ticket
This airline e-ticket is particularly egregiously malformed, and at the same
time rather important for the recipient. It scores
score 10.7 from SpamAssassin-3.2.5-730418
* -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
* medium trust
* [82.150.225.79 listed in list.dnswl.org]
* 1.2 LOW_PRICE BODY: Lowest Price
* 1.8 SUBJ_ALL_CAPS Subject is all capitals
* 0.8 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags
* 2.7 HTML_OBFUSCATE_20_30 BODY: Message is 20% to 30% HTML obfuscation
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 2.8 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
* 2.0 ADVANCE_FEE_2 Appears to be advance fee fraud (Nigerian 419)
* 1.9 UPPERCASE_75_100 message body is 75-100% uppercase
* 1.4 ADVANCE_FEE_3 Appears to be advance fee fraud (Nigerian 419)
It seems that amadeus.net provide e-ticket services for more airlines than just
el-al and their messages' filthy encoding means they frequently score more than
5. From my logs...
HTML_MESSAGE,HTML_NONELEMENT_30_40,HTML_TAG_BALANCE_BODY,MIME_BASE64_TEXT,RCVD_IN_DNSWL_MED,SUBJ_ALL_CAPS,UPPERCASE_75_100
HTML_MESSAGE,HTML_OBFUSCATE_10_20,HTML_TAG_BALANCE_BODY,MIME_BASE64_TEXT,RCVD_IN_DNSWL_MED,SUBJ_ALL_CAPS,UPPERCASE_75_100
HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MIME_BASE64_TEXT,RCVD_IN_DNSWL_LOW,SUBJ_ALL_CAPS,UPPERCASE_75_100
ADVANCE_FEE_2,ADVANCE_FEE_3,HTML_MESSAGE,HTML_OBFUSCATE_20_30,HTML_TAG_BALANCE_BODY,LOW_PRICE,MIME_BASE64_TEXT,SUBJ_ALL_CAPS,UPPERCASE_75_100
I'm not sure whether the best solution is to whitelist them or if the
collective wisdom of the SA developers and users has a better idea
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6064] false positive: el-al e-ticket
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6064
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends on| |5553
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6064] false positive: el-al e-ticket
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6064
eriker-sa@f-secure.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |eriker-sa@f-secure.com
--- Comment #2 from eriker-sa@f-secure.com 2009-04-29 02:03:48 PST ---
+1 on adding a whitelisting for amadeus.net; we are already doing that locally.
Many airlines at least in Europe are using Amadeus, and obviously airline
e-tickets are the kind of email which simply should never get eaten by a spam
filter.
All the ones I've seen have been from *@*.amadeus.net (and specifically I think
pop3.amadeus.net) so the second whitelisting entry might be superfluous.
If somebody knows how to persuade the people at Amadeus to generate less broken
email, the world could be a better place, but yes, perhaps this is a lost
cause. (I left a note at
http://amadeusnet.wordpress.com/2008/04/02/20/#comment-349 but don't really
expect a reply.)
MIME_BASE64_TEXT should not be triggering on this message IMHO; I think this is
bug #5553
This sample message takes several seconds to scan -- somebody should look into
that as well.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6064] false positive: el-al e-ticket
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6064
--- Comment #1 from Mark Martinec <Ma...@ijs.si> 2009-02-11 07:03:28 PST ---
I'd suggest to just whitelist them, the message looks like a lost cause:
whitelist_from_rcvd *@*.amadeus.net amadeus.net
whitelist_from_rcvd *@amadeus.net amadeus.net
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6064] false positive: el-al e-ticket
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6064
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |kmcgrail@pccc.com
Resolution| |WONTFIX
--- Comment #3 from Kevin A. McGrail <km...@pccc.com> 2011-12-13 01:28:35 UTC ---
The only issue in this ticket that is an issue with SA has been resolved.
While the content is important, the email is very badly crafted.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6064] false positive: el-al e-ticket
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6064
Bug 6064 depends on bug 5553, which changed state.
Bug 5553 Summary: MIME_BASE64_TEXT does not handle charset properly
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5553
What |Old Value |New Value
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.