On 2011-11-14 17:46, Kevin McGregor wrote:
So you've changed the date manually to be exactly the same, and the rule doesn't trigger?
Well... Here's the weird thing: if I pass the exact same message through spamc manually, I don't get the false positive on that rule. So, I tried mailing that message back to myself from a non-local mailer (so that it goes through spamass-milter again), but this generates extra "Received" headers that change the behaviour. (I now get a trigger on the DATE_IN_PAST_24_48 rule, since the message is now that old.)
So, I can't test under exactly the same conditions. Given that running the message through spamc manually didn't trigger the rule, I'm tempted to think it might be something in the spamass-milter configuration, which is causing some information to not be transferred to spamc, or to be transferred incorrectly. Not sure at this point.
Gilbert
On Mon, Nov 14, 2011 at 4:56 PM, Gilbert E. Detillieux <gedetil@cs.umanitoba.ca> wrote:
I mentioned this problem at the last round-table session, but didn't get a solution, so I thought I'd post it here, just in case anyone has any suggestions to offer.

I'm still seeing a whole bunch of false positives in SpamAssassin, since an update was installed in mid-September on a CentOS 5.7 system, for a rule called DATE_IN_FUTURE_96_Q, which is only supposed to be triggered when the "Date:" header has a date that is 4 days to 4 months ahead of the date in the "Received" header that has the _smallest_ difference in date.

Here are the headers from the latest e-mail I've received with this false-positive. (I've stripped out irrelevant headers, for the sake of clarity and simplicity.)

From topfivestories@messagent.itworldcanada.com Mon Nov 14 07:50:13 2011
Received: from mail.messagent.itworldcanada.com (mail.messagent.itworldcanada.com [207.112.10.80])
    by palladium.cs.umanitoba.ca (8.13.8/8.13.8) with SMTP id pAEDoAxV028594
    for <gedetil@cs.umanitoba.ca>; Mon, 14 Nov 2011 07:50:12 -0600
Date: Mon, 14 Nov 2011 08:50:13 -0500
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,DATE_IN_FUTURE_96_Q,
    HTML_MESSAGE,RP_MATCHES_RCVD autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on palladium.cs.umanitoba.ca

Note that I'm calling spamd via the spamass-milter on a system running sendmail. Note also, that in the above example, the only "Received" header was the one generated by my own server. (I've had other false positives, however, with multiple "Received" headers, all of which were within seconds of the time in the "Date" header.)

Any ideas?
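
An added example, not part of the thread and not SpamAssassin's own code: a Python check that applies the rule as described in the post (Date: 4 days to 4 months ahead of the closest Received: timestamp) to the quoted headers. The function names and the 120-day reading of "4 months" are assumptions; running it on the exact text handed to spamd versus the text passed to spamc shows whether the two paths see different dates.

```python
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the headers quoted in the post, archive debris removed.
SAMPLE = (
    "Received: from mail.messagent.itworldcanada.com"
    " (mail.messagent.itworldcanada.com [207.112.10.80])\n"
    "\tby palladium.cs.umanitoba.ca (8.13.8/8.13.8) with SMTP id pAEDoAxV028594\n"
    "\tfor <gedetil@cs.umanitoba.ca>; Mon, 14 Nov 2011 07:50:12 -0600\n"
    "Date: Mon, 14 Nov 2011 08:50:13 -0500\n"
    "\n"
    "body\n"
)

LOW = timedelta(days=4)
HIGH = timedelta(days=120)  # assumption: "4 months" taken as 120 days


def parse_stamp(text):
    """Return a timezone-aware datetime, or None if the stamp is unusable."""
    try:
        stamp = parsedate_to_datetime(text.strip())
    except (TypeError, ValueError, AttributeError):
        return None
    return stamp if stamp.tzinfo is not None else None


def received_times(msg):
    """Timestamps after the last ';' of each (possibly folded) Received header."""
    stamps = (parse_stamp(v.rpartition(";")[2]) for v in msg.get_all("Received", []))
    return [s for s in stamps if s is not None]


def date_shift(raw):
    """Date: minus the Received: time with the smallest absolute difference."""
    msg = message_from_string(raw)
    sent = parse_stamp(msg["Date"])
    hops = received_times(msg)
    if sent is None or not hops:
        return None  # missing Date: or no parsable Received: header
    return min((sent - hop for hop in hops), key=abs)


def in_future_96_q(raw):
    """True when the shift falls in the window the post describes for the rule."""
    shift = date_shift(raw)
    return shift is not None and LOW <= shift <= HIGH
```

For the quoted message the two timestamps differ by one second once the -0500 and -0600 offsets are normalised, so by the stated definition the rule should not fire on these headers as shown.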