You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@issues.apache.org on 2010/06/14 12:52:31 UTC
[Bug 6450] New: TO_EQ_FM_HTML_ONLY rule matches mail send
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6450
Summary: TO_EQ_FM_HTML_ONLY rule matches mail send
Product: Spamassassin
Version: 3.3.1
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Rules
AssignedTo: dev@spamassassin.apache.org
ReportedBy: david@electric-spoon.com
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6450] TO_EQ_FM_HTML_ONLY rule matches local mail.
Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6450
--- Comment #6 from David Pottage <da...@electric-spoon.com> 2010-06-15 04:09:41 EDT ---
> ALL_TRUSTED is not internal only, it should be NO_RELAYS imho
I think it should be ALL_TRUSTED not NO_RELAYS, as there could be a similar
situation in a corporate server farm, where a large number of compute farm
machines generate reports, which go to the sysadmin via the corporate
mailserver. In that situation the mail would touch three machines, but they
would all be trusted.
Also, the problem mails I am getting, are not triggering the NO_RELAYS rule, so
I guess that rule is not working properly. I have pasted the headers of one of
those emails below.
Received: from localhost.localdomain (localhost [127.0.0.1])
by www.chrestomanci.org (Postfix) with ESMTP id 36A39408D
for <da...@electric-spoon.com>; Tue, 15 Jun 2010 02:40:25 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=electric-spoon.com;
s=_adsp; t=1276566025;
bh=tA8XBK8C2KkUb8R4Zj9A003YJOoZLOswvKn6E/xWefY=;
h=MIME-Version:Content-Transfer-Encoding:Content-Type:Date:To:From:
Subject:Message-Id;
b=B7kbGIk5FH6CimIAeDk4Fe8+wBEskhBxxyRqPpkvTNM8ec1h8xcQmxrWKXFff7EjF
WiihS2iXiewaA4UY592bGtYAOAqjVlDmUsOGjsIqMQ3ioRclCDknZKYWUnh7+lTiQk
DhmljQdlkg+pN43l8poOLlZ0zmgrFlt9U2mSEU/Y=
MIME-Version: 1.0
Content-Transfer-Encoding: binary
Content-Type: multipart/related; boundary="_----------=_1276566024167170"
X-Mailer: MIME::Lite 3.027 (F2.77; T1.28; A2.05; B3.08; Q3.08)
Date: Tue, 15 Jun 2010 02:40:24 +0100
To: david@electric-spoon.com
From: david@electric-spoon.com
Subject: ****** REMOVED *******
Message-Id: <20...@www.chrestomanci.org>
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6450] TO_EQ_FM_HTML_ONLY rule matches local mail.
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6450
John Hardin <jh...@impsec.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
--- Comment #9 from John Hardin <jh...@impsec.org> 2011-05-02 03:51:46 UTC ---
(In reply to comment #8)
> John, I guess this can be committed to 3.3 and closed?
Whoops! Yes, certainly. Sorry for not updating this.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6450] TO_EQ_FM_HTML_ONLY rule matches local mail.
Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6450
David Pottage <da...@electric-spoon.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |david@electric-spoon.com
Summary|TO_EQ_FM_HTML_ONLY rule |TO_EQ_FM_HTML_ONLY rule
|matches mail send |matches local mail.
--- Comment #1 from David Pottage <da...@electric-spoon.com> 2010-06-14 06:58:37 EDT ---
I have some admin scripts on my system that run from cron as my username, and
send me daily status updates as pretty-printed HTML.
Recently, I have started seeing these mails taged as spam because they are HTML
only emails with the same from and to address.
I think that it is a good idea to be very suspicious of mail where the from and
to lines are the same, as I get a lot of spam like that, but I think that the
rule should only be triggered if the mail comes from the internet, and not from
localy trusted systems.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6450] TO_EQ_FM_HTML_ONLY rule matches local mail.
Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6450
John Hardin <jh...@impsec.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jhardin@impsec.org
Target Milestone|Undefined |3.3.2
OS/Version|Linux |All
--- Comment #2 from John Hardin <jh...@impsec.org> 2010-06-14 09:31:59 EDT ---
(In reply to comment #1)
> I think that the
> rule should only be triggered if the mail comes from the internet, and not from
> localy trusted systems.
Agreed. Why are you passing purely-internal mail through SA in the first place?
This is not the only rule that such a comment could apply to.
Your MTA should have rules to bypass SA completely on internally-generated
email, especially on administrative emails of this sort.
A question, though, so I'm not just saying "it's not my problem": do those
messages hit ALL_TRUSTED? I'd be willing to add !ALL_TRUSTED to the meta.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6450] TO_EQ_FM_HTML_ONLY rule matches local mail.
Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6450
--- Comment #7 from John Hardin <jh...@impsec.org> 2010-06-15 09:57:23 EDT ---
Committed, revision 954885. Awaiting masschecks to close.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6450] TO_EQ_FM_HTML_ONLY rule matches local mail.
Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6450
--- Comment #4 from David Pottage <da...@electric-spoon.com> 2010-06-14 10:04:21 EDT ---
> Agreed. Why are you passing purely-internal mail through SA in the first place?
> This is not the only rule that such a comment could apply to.
>
> Your MTA should have rules to bypass SA completely on internally-generated
> email, especially on administrative emails of this sort.
I am processing all mail through SA, as that is the simplest setup, and is the
default for Ubuntu. You are correct that it is not the optimal way to do
things, but I have plenty of cycles to spare, so I don't want to complicate the
config of my MTA unless there is a need.
> A question, though, so I'm not just saying "it's not my problem": do those
> messages hit ALL_TRUSTED? I'd be willing to add !ALL_TRUSTED to the meta.
Those messages do hit that rule. The complete analysis I am getting is:
Content analysis details: (5.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
0.0 HTML_MESSAGE BODY: HTML included in message
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.4752]
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
4.3 TO_EQ_FM_HTML_ONLY To == From and HTML only
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6450] TO_EQ_FM_HTML_ONLY rule matches local mail.
Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6450
--- Comment #3 from John Hardin <jh...@impsec.org> 2010-06-14 09:34:00 EDT ---
(In reply to comment #2)
> Your MTA should have rules to bypass SA completely on internally-generated
> email, especially on administrative emails of this sort.
Sorry, that should be "bypass SA completely on purely-internal email". Scanning
outbound emails is reasonable, scanning email from the local network to the
local network is much less so.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6450] TO_EQ_FM_HTML_ONLY rule matches local mail.
Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6450
Benny Pedersen <me...@junc.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |me@junc.org
--- Comment #5 from Benny Pedersen <me...@junc.org> 2010-06-14 16:31:57 EDT ---
(In reply to comment #3)
> (In reply to comment #2)
>
> > Your MTA should have rules to bypass SA completely on internally-generated
> > email, especially on administrative emails of this sort.
>
> Sorry, that should be "bypass SA completely on purely-internal email". Scanning
> outbound emails is reasonable, scanning email from the local network to the
> local network is much less so.
ALL_TRUSTED is not internal only, it should be NO_RELAYS imho
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6450] TO_EQ_FM_HTML_ONLY rule matches local mail.
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6450
Henrik Krohns <he...@hege.li> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |hege@hege.li
--- Comment #8 from Henrik Krohns <he...@hege.li> 2011-05-01 19:07:47 UTC ---
John, I guess this can be committed to 3.3 and closed?
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.