https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6864
Priority: P2 Bug ID: 6864 Assignee: dev@spamassassin.apache.org Summary: Excessive score (6.1) from FROM_MISSP_URI, FROM_MISSP_EH_MATCH, TO_NO_BRKTS_FROM_MSSP Severity: normal Classification: Unclassified OS: All Reporter: mark.marti...@ijs.si Hardware: All Status: NEW Version: SVN Trunk (Latest Devel Version) Component: Rules Product: Spamassassin Today I was investigating a false positive for a mail from our Japanese research colleagues at KEK.jp. It turns out that the following perfectly valid From line caused a collection of 6.1 score points solely because there is no (optional) space between a display name and the address: From: =?ISO-2022-JP?B?VXNlciBTdXBwb3J0IFN5c3RlbS4=?=<users...@ml.post.kek.jp> The sample message is attached (obfuscated, stripped-off of irrelevant content, the set of rule hits is kept unchanged). pts rule name description ---- ---------------------- -------------------------------------------------- 0.5 RELAY_JP Relayed through Japan -0.1 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net) -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 1.0 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily 1.5 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors 2.5 FROM_MISSP_EH_MATCH From misspaced, matches envelope 2.1 FROM_MISSP_URI From misspaced, has URI -0.2 AWL AWL: From: address is in the auto white-list I think the score for a set of rules FROM_MISSP_EH_MATCH, FROM_MISSP_URI and TO_NO_BRKTS_FROM_MSSP should be capped - a single unusual (but valid) formatting in a From header field should not collect 6.1 points. -- You are receiving this mail because: You are the assignee for the bug.