You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/01/10 00:22:18 UTC
[Bug 2569] MSGID_FROM_MTA_SHORT triggers too easily
http://bugzilla.spamassassin.org/show_bug.cgi?id=2569
------- Additional Comments From felicity@kluge.net 2004-01-09 14:27 -------
A few things.
1) If you want to post a full header, please _ATTACH_ it to the ticket, not paste it into a comment
field.
2) Don't bother posting headers w/out Received headers, they can't possibly hit this issue. (I think
it was just a bad paste, but still ...)
3) This rule's logic requires hypercubes, I'm fairly certain.
SMTP local injection:
Received: from localhost (localhost [127.0.0.1])
by eclectic.kluge.net (Postfix) with ESMTP id 2BCF743E5C3
for <tv...@kluge.net>; Fri, 9 Jan 2004 17:15:59 -0500 (EST)
Message-Id: <20...@eclectic.kluge.net>
From: tvd@example.com
and
CLI local injection:
Received: by eclectic.kluge.net (Postfix, from userid 501)
id 800CD411B3B; Fri, 9 Jan 2004 16:35:38 -0500 (EST)
Message-Id: <20...@eclectic.kluge.net>
From: tvd@example.com
Both trigger the rule. Basically what happens is the function finds the Received header that did the
Message-Id if possible (the id in the Received is in the Message-Id). If there are a small number of
Received headers (<=2 if postfix sent the mail originally, <=1 for everyone else -- I think this is a
bug or an old behavior (examples in this ticket show only 1 Received for local messages), but it's
an explicit set of code), and the from domain doesn't match at the end of the message-id, it's
flagged as MSGID_FROM_MTA_SHORT.
4.432 6.7680 0.0560 0.992 0.94 3.67 MSGID_FROM_MTA_SHORT
So it hits 6.8% of spam, 0.06% of ham, for an accuracy rate of 99.2%.
WRT the postfix bit... Apparently older versions did this:
Received: by jmason.org (Postfix, from userid 500)
id 0ADD316F10; Wed, 23 Jul 2003 18:32:32 +0100 (IST)
Received: from jmason.org (localhost [127.0.0.1])
by jmason.org (Postfix) with ESMTP
id 03522F8E9; Wed, 23 Jul 2003 10:32:32 -0700 (PDT)
Message-Id: <20...@jmason.org>
versus the new versions which don't add the extra Received header. I would say the code to
determine the 1 vs 2 header bit ought to specifically look for the 'from userid' followed by a
127.0.0.1 entry, instead of the current "first added" Received headers are from Postfix, which is
definitely a bug.
So... If I modify the code to do:
# Postfix adds the Message-ID on the second local hop. Note: this is not
# an exemption, this is a special case to classify these hits correctly.
if ($#received > 0 &&
$received[$#received] =~ /\[127\.0\.0\.1\].+\(Postfix.*?\)/i &&
$received[$#received - 1] =~ /\(Postfix, from userid \d+\)/i)
{
$local = 2;
}
(which I'm not 100% convinced is right either, but ...), some of the FPs ought to be removed (when
postfix sends to another postfix...) At least the original reported header, and comment #4.
The rest, I can see the argument that the sender should be adding a Received header when they
send the mail directly to you since clients ought not to be doing MTA deliveries. So I don't
necessarily think there's anything to do about those FPs.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.