https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6864
Priority: P2
Bug ID: 6864
Assignee: dev@spamassassin.apache.org
Summary: Excessive score (6.1) from FROM_MISSP_URI,
FROM_MISSP_EH_MATCH, TO_NO_BRKTS_FROM_MSSP
Severity: normal
Classification: Unclassified
OS: All
Reporter: mark.marti...@ijs.si
Hardware: All
Status: NEW
Version: SVN Trunk (Latest Devel Version)
Component: Rules
Product: Spamassassin
Today I was investigating a false positive for a mail from our
Japanese research colleagues at KEK.jp. It turns out that the following
perfectly valid From line caused a collection of 6.1 score points
solely because there is no (optional) space between a display name
and the address:
From: =?ISO-2022-JP?B?VXNlciBTdXBwb3J0IFN5c3RlbS4=?=<users...@ml.post.kek.jp>
The sample message is attached (obfuscated, stripped-off of irrelevant
content, the set of rule hits is kept unchanged).
pts rule name description
---- ---------------------- --------------------------------------------------
0.5 RELAY_JP Relayed through Japan
-0.1 RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
1.0 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily
1.5 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
2.5 FROM_MISSP_EH_MATCH From misspaced, matches envelope
2.1 FROM_MISSP_URI From misspaced, has URI
-0.2 AWL AWL: From: address is in the auto white-list
I think the score for a set of rules FROM_MISSP_EH_MATCH, FROM_MISSP_URI
and TO_NO_BRKTS_FROM_MSSP should be capped - a single unusual (but valid)
formatting in a From header field should not collect 6.1 points.
--
You are receiving this mail because:
You are the assignee for the bug.
