https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6389
--- Comment #5 from [email protected] 2010-04-07 06:20:44 UTC --- (In reply to comment #4) > Regarding comment 0 and its sample FP attachment 4721 [details], it looks > like that > should have been ALL_TRUSTED (see the documentation for internal_networks). > While this doesn't solve the bug, it would help alleviate the > spammy-messages-from-colleagues problem. > > Hm. This header from attachment 4730 [details] is quite interesting: > > X-MIME-Autoconverted: from quoted-printable to 8bit by popo.ctimail.com id > o31FCcI16161 > > I believe this is reporting that ctimail's mail system converted the > quoted-printable headers to 8bit, which triggered the rule. Plugging that > header into google shows 19k hits, which is small but not intangible. Even my > own sendmail server has added it in the past. Comparative data: X-Spam-Status > (236k), X--MailScanner (10k), X-Spam-Flag (27k), X-Greylist (17k), X-X-Sender > (9k), X-Sieve (7k), X-Received (16k) ... (searches performed in quotes with a > second query being "Message-ID" to ensure we're looking at email headers). > > I've placed a possible fix into our QA system (20_bug_6389.cf in my sandbox) > to > sanity-check it, containing the following code (the first rule is just a > popularity test for that header): > > header __HAS_XMIME_AUTOCONV exists:X-MIME-Autoconverted > header __MIME_QP_TO_8BIT X-MIME-Autoconverted =~ /from quoted-printable to > 8bit/ > meta DOS_HIGHBIT_HDRS_BODY_BUG6389 __FROM_NEEDS_MIME && __SUBJECT_ENCODED_B64 > && __FROM_ENCODED_B64 && __SUBJECT_NEEDS_MIME && __HIGHBITS && > !__MIME_QP_TO_8BIT > > Sadly, this doesn't help the first sample. Appending "&& !__RCVD_VIA_APNIC_LE" > would also fail to solve it since it is from France and not Asia. According to > yesterday's numbers, that extra requirement would also reduce the spam hit by > 43% and the ham by under 20%, reducing 1.1268% spam to 0.7423% and the ham to > somewhere between 0.0261% and the current 0.0326%. > > I'm disheartened by the French FP as it was composed with the latest version > of > Thunderbird (3.0.4, WinXP, French build), but at least configuring > internal_networks would solve it for that particular user's internal company > mail. For a full fix, I can think of nothing but removing this rule. The > question becomes: how many FPs does this rule really create, i.e. is this an > isolated incident? According to my email sample (attachment 4730), the email is scanned by SpamAssassin before QP-to-8bit conversion (note the mail id o31FCcI16161) Received: from smtp1o.ctimail.com (smtp1 [203.186.94.57]) by popo.ctimail.com (8.11.1/8.11.1) with ESMTP id o31FCcI16161 for <[email protected]>; Thu, 1 Apr 2010 23:12:38 +0800 (CST) Received: from iguard1-206.hkbn.net (iguard1-206.hkbn.net [203.186.220.206]) by smtp1o.ctimail.com (8.12.11/8.12.11) with ESMTP id o31FCalG014728 for <[email protected]>; Thu, 1 Apr 2010 23:12:38 +0800 (HKT) Received: from violet.alumni.cuhk.net ([202.45.188.23]) by iguard1.hkbn.net with ESMTP; 01 Apr 2010 23:12:37 +0800 Received: from asavgw1.alumni.cuhk.net (asavgw1.alumni.cuhk.net [202.45.188.44]) by violet.alumni.cuhk.net (8.14.3/8.14.3) with ESMTP id o31FCUvr000701 for <[email protected]>; Thu, 1 Apr 2010 23:12:31 +0800 Received: from ieaa.ie.cuhk.edu.hk ([137.189.97.6]) by asavgw1.alumni.cuhk.net with ESMTP; 01 Apr 2010 23:12:36 +0800 Received: from smtp.ctimail.com ([203.186.94.58] helo=smtpo.ctimail.com) by ieaa.ie.cuhk.edu.hk with esmtp (Exim 4.63) (envelope-from <[email protected]>) id 1NxM4R-0006GD-8l for [email protected]; Thu, 01 Apr 2010 23:12:36 +0800 Received: from [127.0.0.1] (119247234247.ctinets.com [119.247.234.247]) by smtpo.ctimail.com (8.12.11/8.12.11) with ESMTP id o31FCROw020860 for <[email protected]>; Thu, 1 Apr 2010 23:12:27 +0800 (HKT) X-MIME-Autoconverted: from quoted-printable to 8bit by popo.ctimail.com id o31FCcI16161 I would say, the real bug should be in 20_html_tests.cf, which says body __HIGHBITS /(?:[\x80-\xff].?){4}/ I think it should be rawbody __HIGHBITS /(?:[\x80-\xff].?){4}/ -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
