Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2005/07/17 02:40:18 UTC

[Bug 4425] numeric hello in Received headers fools spamassassin

http://bugzilla.spamassassin.org/show_bug.cgi?id=4425


Bob@Menschel.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Bob@Menschel.net
           Severity|normal                      |critical
          Component|spamassassin                |Rules (Eval Tests)
           Keywords|triage                      |
   Target Milestone|Undefined                   |3.1.0
            Version|3.0.3                       |SVN Trunk (Latest Devel
                   |                            |Version)




------- Additional Comments From Bob@Menschel.net  2005-07-16 17:40 -------
When I run your message against your user_prefs, I get
X-Spam-Status: No, score=-89.9 required=6.0 tests=HTML_00_10,HTML_MESSAGE,
        MIME_HEADER_CTYPE_ONLY,NO_REAL_NAME,RCVD_HELO_IP_MISMATCH,
        RCVD_IN_WHOIS_BOGONS,RCVD_IN_WHOIS_INVALID,RCVD_NUMERIC_HELO,
        SUBJ_YOUR_DEBT,URIBL_OB_SURBL,URIBL_WS_SURBL,USER_IN_WHITELIST
        autolearn=no version=3.1.0-pre4-r208823
so yes, USER_IN_WHITELIST hits, in pre4 yet. Setting "version" flag to svn.

I don't know whether it's the numeric hello that's confusing SpamAssassin, or
the fact that your whitelist directive
> whitelist_from_rcvd *.edu.pl edu.pl
does match the one and only trusted Received header in your email, ignoring the
forged headers in the email. If the latter, then a
> whitelist_from_rcvd addr@domain.tld domain.tld
that matches the trusted header set should be ignored if there are any untrusted
headers after, indicating that the email comes from a different server. 

Since I agree this provides a means whereby whitelist_from_rcvd can be fooled,
I'm upping the severity to critical, and wouldn't complain if a dev upped it to
"block".


