[RndTbl] SpamAssassin false positives on DATE_IN_FUTURE_96_Q?
Gilbert E. Detillieux
gedetil at cs.umanitoba.ca
Tue Nov 15 10:45:37 CST 2011
On 2011-11-14 17:46, Kevin McGregor wrote:
> So you've changed the date manually to be exactly the same, and the rule
> doesn't trigger?
Well... Here's the weird thing: if I pass the exact same message
through spamc manually, I don't get the false positive on that rule.
So, I tried mailing that message back to myself from a non-local mailer
(so that it goes through spamass-milter again), but this generates extra
"Received" headers that change the behaviour. (I now get a trigger on
the DATE_IN_PAST_24_48 rule, since the message is now that old.)
So, I can't test under exactly the same conditions. Given that running
the message through spamc manually didn't trigger the rule, I'm tempted
to think it might be something in the spamass-milter configuration,
which is causing some information to not be transferred to spamc, or to
be transferred incorrectly. Not sure at this point.
Gilbert
> On Mon, Nov 14, 2011 at 4:56 PM, Gilbert E. Detillieux
> <gedetil at cs.umanitoba.ca <mailto:gedetil at cs.umanitoba.ca>> wrote:
>
> I mentioned this problem at the last round-table session, but didn't
> get a solution, so I thought I'd post it here, just in case anyone
> has any suggestions to offer.
>
> I'm still seeing a whole bunch of false positives in SpamAssassin,
> since an update was installed in mid-September on a CentOS 5.7
> system, for a rule called DATE_IN_FUTURE_96_Q, which is only
> supposed to be triggered when the "Date:" header has a date that is
> 4 days to 4 month ahead of the date in the "Received" header that
> has the _smallest_ difference in date.
>
> Here are the headers from the latest e-mail I've received with this
> false-positive. (I've stripped out irrelevant headers, for the sake
> of clarity and simplicity.)
>
> >From topfivestories at messagent.__itworldcanada.com
> <mailto:topfivestories at messagent.itworldcanada.com> Mon Nov 14
> 07:50:13 2011
> Received: from mail.messagent.itworldcanada.__com
> <http://mail.messagent.itworldcanada.com>
> (mail.messagent.itworldcanada.__com
> <http://mail.messagent.itworldcanada.com> [207.112.10.80])
> by palladium.cs.umanitoba.ca
> <http://palladium.cs.umanitoba.ca> (8.13.8/8.13.8) with SMTP id
> pAEDoAxV028594
> for <gedetil at cs.umanitoba.ca
> <mailto:gedetil at cs.umanitoba.ca>>; Mon, 14 Nov 2011 07:50:12 -0600
> Date: Mon, 14 Nov 2011 08:50:13 -0500
> X-Spam-Status: No, score=-0.3 required=5.0
> tests=BAYES_00,DATE_IN_FUTURE___96_Q,
> HTML_MESSAGE,RP_MATCHES_RCVD autolearn=no version=3.3.1
> X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
> palladium.cs.umanitoba.ca <http://palladium.cs.umanitoba.ca>
>
> Note that I'm calling spamd via the spamass-milter on a system
> running sendmail. Note also, that in the above example, the only
> "Received" header was the one generated by my own server. (I've had
> other false positives, however, with multiple "Received" headers,
> all of which were within seconds of the time in the "Date" header.)
>
> Any ideas?
--
Gilbert E. Detillieux E-mail: <gedetil at muug.mb.ca>
Manitoba UNIX User Group Web: http://www.muug.mb.ca/
PO Box 130 St-Boniface Phone: (204)474-8161
Winnipeg MB CANADA R2H 3B4 Fax: (204)474-7609
More information about the Roundtable
mailing list