https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8347
Kris Deugau <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #2 from Kris Deugau <[email protected]> --- > --- Comment #1 from John Hardin <[email protected]> --- > The Google Storage account IDs in that rule come from obvious spams that I or > my wife have received. *nods* I haven't inspected many of the Google Storage URIs in detail, but the match seemed to cut off just at what looked to be a service aggregation directory, and it's the next directory component - which looks to be a hash of some kind, based on the full image links - that identifies the user/account. > The reason it was added to the manual scoring is when I first defined the rule > there wasn't much of that in the masscheck corpora so it wasn't being scored > well. Now there is. > > I'll remove the manual score so that it follows the masscheck results. Thanks. > Would it be possible to drop that FP into the a masscheck corpus? I've asked our customer if they would mind us passing the complete message on. I've looked into contributing more directly but never quite got things lined up. At a quick scan through the setup documents again, the corpus guidelines don't align well to the mail stream I have available. > Can you send me the list of rules that FP hit, including subrules? Let me know if there's some better way to find these. >From "spamassassin -D 2>&1 <message |grep 'got hit'": (DKIM_INVALID is entirely because Mailgun sets ridiculously short expiry times on their DKIM signatures; I've confirmed from our logs that it passed when originally received.) Sep 3 09:48:48.532 [1127566] dbg: rules: ran header rule __GB_TO_ADDR ======> got hit: "[email protected]" Sep 3 09:48:48.550 [1127566] dbg: rules: ran header rule __HAS_SUBJECT ======> got hit: "<YES>" Sep 3 09:48:48.550 [1127566] dbg: rules: ran header rule __HAS_MESSAGE_ID ======> got hit: "<YES>" Sep 3 09:48:48.550 [1127566] dbg: rules: ran header rule __HAS_DATE ======> got hit: "<YES>" Sep 3 09:48:48.550 [1127566] dbg: rules: ran header rule __HAS_FROM ======> got hit: "<YES>" Sep 3 09:48:48.550 [1127566] dbg: rules: ran header rule __HAS_RCVD ======> got hit: "<YES>" Sep 3 09:48:48.550 [1127566] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "V" Sep 3 09:48:48.615 [1127566] dbg: rules: ran eval rule SPF_PASS ======> got hit (1) Sep 3 09:48:48.887 [1127566] dbg: rules: ran eval rule SPF_HELO_NONE ======> got hit (1) Sep 3 09:48:48.901 [1127566] dbg: rules: ran eval rule DKIM_SIGNED ======> got hit (1) Sep 3 09:48:48.908 [1127566] dbg: rules: ran meta rule DKIM_INVALID ======> got hit (1) Sep 3 09:48:48.946 [1127566] dbg: rules: ran eval rule BAYES_50 ======> got hit (1) Sep 3 09:48:49.071 [1127566] dbg: rules: ran header rule __FROM_ADDR_AT_2 ======> got hit: "<[email protected]>" Sep 3 09:48:49.071 [1127566] dbg: rules: ran header rule __USING_VERP1 ======> got hit: "+373dad.1e10f1-user=" Sep 3 09:48:49.072 [1127566] dbg: rules: ran header rule __RATWARE_0_TZ_DATE ======> got hit: " +0000" Sep 3 09:48:49.072 [1127566] dbg: rules: ran header rule __JM_REACTOR_DATE ======> got hit: " +0000" Sep 3 09:48:49.072 [1127566] dbg: rules: ran header rule __FSL_HAS_LIST_UNSUB ======> got hit: "<YES>" Sep 3 09:48:49.072 [1127566] dbg: rules: ran header rule __DOS_HAS_LIST_UNSUB ======> got hit: "<YES>" Sep 3 09:48:49.072 [1127566] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got hit: " Sep 3 09:48:49.073 [1127566] dbg: rules: ran header rule __DOS_SINGLE_EXT_RELAY ======> got hit: "[ ip=69.72.44.148 rdns=m44-148.mailgun.net helo=m44-148.mailgun.net by=mx1.vianet.ca ident= envfrom= intl=0 id=0C949E2624 auth= msa=0 ]" Sep 3 09:48:49.073 [1127566] dbg: rules: ran header rule __RCD_RDNS_MAIL_MESSY ======> got hit: "[ ip=69.72.44.148 rdns=m44-148.mail" Sep 3 09:48:49.073 [1127566] dbg: rules: ran header rule __LAST_EXTERNAL_RELAY_NO_AUTH ======> got hit: "[ ip=69.72.44.148 rdns=m44-148.mailgun.net helo=m44-148.mailgun.net by=mx1.vianet.ca ident= envfrom= intl=0 id=0C949E2624 auth= " Sep 3 09:48:49.074 [1127566] dbg: rules: ran header rule __HAS_REPLY_TO ======> got hit: "<YES>" Sep 3 09:48:49.074 [1127566] dbg: rules: ran header rule __DOS_RELAYED_EXT ======> got hit: "Received: from m44-148.mailgun.net (m44-148.mailgun.net [69.72.44.148]) by mx1.vianet.ca (Postfix) with ESMTPS id 0C949E2624 for <[email protected]>; Tue, 2 Sep 2025 08:15:58 -0400 (EDT) Sep 3 09:48:49.075 [1127566] dbg: rules: ran header rule __MIME_VERSION ======> got hit: "<YES>" Sep 3 09:48:49.075 [1127566] dbg: rules: ran header rule __TO_NO_ARROWS_R ======> got hit: "<negative match>" Sep 3 09:48:49.075 [1127566] dbg: rules: ran header rule __NAKED_TO ======> got hit: "[email protected]" Sep 3 09:48:49.075 [1127566] dbg: rules: ran header rule __HAS_TO ======> got hit: "<YES>" Sep 3 09:48:49.075 [1127566] dbg: rules: ran header rule __CTYPE_MULTIPART_ALT ======> got hit: "multipart/alternative" Sep 3 09:48:49.075 [1127566] dbg: rules: ran header rule __CT ======> got hit: "<YES>" Sep 3 09:48:49.075 [1127566] dbg: rules: ran header rule __CTYPE_MULTIPART_ANY ======> got hit: "multipart/alternative" Sep 3 09:48:49.076 [1127566] dbg: rules: ran header rule __CTYPE_HAS_BOUNDARY ======> got hit: "boundary" Sep 3 09:48:49.076 [1127566] dbg: rules: ran header rule __LAST_UNTRUSTED_RELAY_NO_AUTH ======> got hit: "[ ip=69.72.44.148 rdns=m44-148.mailgun.net helo=m44-148.mailgun.net by=mx1.vianet.ca ident= envfrom= intl=0 id=0C949E2624 auth= " Sep 3 09:48:49.076 [1127566] dbg: rules: ran header rule __HAS_SENDER ======> got hit: "<YES>" Sep 3 09:48:49.077 [1127566] dbg: rules: ran header rule __SUBJ_NOT_SHORT ======> got hit: "Grab & Go: Pet E" Sep 3 09:48:49.078 [1127566] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<[email protected]> Sep 3 09:48:49.078 [1127566] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" Sep 3 09:48:49.078 [1127566] dbg: rules: ran header rule __SENDER_ADDR_AT ======> got hit: "@" Sep 3 09:48:49.079 [1127566] dbg: rules: ran header rule __DKIM_EXISTS ======> got hit: "<YES>" Sep 3 09:48:49.079 [1127566] dbg: rules: ran header rule __HAS_DKIM_SIGHD ======> got hit: "<YES>" Sep 3 09:48:49.079 [1127566] dbg: rules: ran header rule __TOCC_EXISTS ======> got hit: "<YES>" Sep 3 09:48:49.079 [1127566] dbg: rules: ran header rule __DOS_RCVD_TUE ======> got hit: " Tue, " Sep 3 09:48:49.079 [1127566] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@reply.peterboroughvets.ca>" Sep 3 09:48:49.079 [1127566] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "2025090212" Sep 3 09:48:49.080 [1127566] dbg: rules: ran header rule __FROM_ADDR_AT ======> got hit: "@" Sep 3 09:48:49.080 [1127566] dbg: rules: ran header rule __MISSING_REPLY ======> got hit: "UNSET" Sep 3 09:48:49.081 [1127566] dbg: rules: ran header rule __FROM_FULL_NAME ======> got hit: "Peterborough W" Sep 3 09:48:49.082 [1127566] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET" Sep 3 09:48:49.082 [1127566] dbg: rules: ran header rule __TO_AT ======> got hit: "@" Sep 3 09:48:49.090 [1127566] dbg: rules: ran eval rule HEADER_FROM_DIFFERENT_DOMAINS ======> got hit (1) Sep 3 09:48:49.828 [1127566] dbg: rules: ran body rule __LOWER_E ======> got hit: "e" Sep 3 09:48:49.828 [1127566] dbg: rules: ran body rule __LOWER_E ======> got hit: "e" Sep 3 09:48:49.828 [1127566] dbg: rules: ran body rule __LOWER_E ======> got hit: "e" Sep 3 09:48:49.828 [1127566] dbg: rules: ran body rule __LOWER_E ======> got hit: "e" Sep 3 09:48:49.828 [1127566] dbg: rules: ran body rule __LOWER_E ======> got hit: "e" Sep 3 09:48:49.828 [1127566] dbg: rules: ran body rule __LOWER_E ======> got hit: "e" Sep 3 09:48:49.828 [1127566] dbg: rules: ran body rule __LOWER_E ======> got hit: "e" Sep 3 09:48:49.828 [1127566] dbg: rules: ran body rule __LOWER_E ======> got hit: "e" Sep 3 09:48:49.828 [1127566] dbg: rules: ran body rule __LOWER_E ======> got hit: "e" Sep 3 09:48:49.828 [1127566] dbg: rules: ran body rule __LOWER_E ======> got hit: "e" Sep 3 09:48:49.832 [1127566] dbg: rules: ran body rule __LOWER_E ======> got hit: "e" [... logline repeated 220 times] Sep 3 09:48:49.899 [1127566] dbg: rules: ran body rule __HAS_ANY_EMAIL ======> got hit: "[email protected]" Sep 3 09:48:50.019 [1127566] dbg: rules: ran body rule __FILL_THIS_FORM_FRAUD_PHISH1 ======> got hit: "IDENTIFICATION Sep 3 09:48:50.124 [1127566] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "G" Sep 3 09:48:50.124 [1127566] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "V" Sep 3 09:48:50.124 [1127566] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "O" Sep 3 09:48:50.135 [1127566] dbg: rules: ran body rule __E_LIKE_LETTER ======> got hit: "e" Sep 3 09:48:50.135 [1127566] dbg: rules: ran body rule __E_LIKE_LETTER ======> got hit: "e" Sep 3 09:48:50.135 [1127566] dbg: rules: ran body rule __E_LIKE_LETTER ======> got hit: "e" Sep 3 09:48:50.136 [1127566] dbg: rules: ran body rule __E_LIKE_LETTER ======> got hit: "e" Sep 3 09:48:50.136 [1127566] dbg: rules: ran body rule __E_LIKE_LETTER ======> got hit: "e" Sep 3 09:48:50.136 [1127566] dbg: rules: ran body rule __E_LIKE_LETTER ======> got hit: "e" Sep 3 09:48:50.136 [1127566] dbg: rules: ran body rule __E_LIKE_LETTER ======> got hit: "e" Sep 3 09:48:50.136 [1127566] dbg: rules: ran body rule __E_LIKE_LETTER ======> got hit: "e" Sep 3 09:48:50.136 [1127566] dbg: rules: ran body rule __E_LIKE_LETTER ======> got hit: "e" Sep 3 09:48:50.136 [1127566] dbg: rules: ran body rule __E_LIKE_LETTER ======> got hit: "e" Sep 3 09:48:50.141 [1127566] dbg: rules: ran body rule __E_LIKE_LETTER ======> got hit: "e" [... logline repeated 310 times] Sep 3 09:48:50.157 [1127566] dbg: rules: ran body rule ONLINE_PHARMACY ======> got hit: "ONLINE PHARMACY" Sep 3 09:48:50.177 [1127566] dbg: rules: ran body rule TVD_VISIT_PHARMA ======> got hit: "ONLINE PHARMACY" Sep 3 09:48:50.247 [1127566] dbg: rules: ran body rule __SINGLE_WORD_LINE ======> got hit: "Bowls Sep 3 09:48:50.332 [1127566] dbg: rules: ran body rule __YOUR_PERSONAL ======> got hit: " your address book." Sep 3 09:48:50.374 [1127566] dbg: rules: ran body rule __SUBSCRIPTION_INFO ======> got hit: "Newsletter" Sep 3 09:48:50.379 [1127566] dbg: rules: ran body rule __KAM_WEB2_4 ======> got hit: "Special Offer" Sep 3 09:48:50.461 [1127566] dbg: rules: ran uri rule __KAM_SEO7 ======> got hit: "h" Sep 3 09:48:50.462 [1127566] dbg: rules: ran uri rule __MXG_HAS_PHONE04 ======> got hit: "tel:" Sep 3 09:48:50.463 [1127566] dbg: rules: ran uri rule __ALL_URI ======> got hit: "https://email.reply.peterboroughvets.ca/c/eJx0U01zozoQ_DVws0sSRsBBByc27JbD2s-1JmQvlJAGLPMhIgTO-te_sjf16h2y167umZ6uHlEoyXC6kQNXxw9O05i2MF7CV1cyDBhV2JW646pnBob293IAC6bURk_1eQY7LgX_JBT62oMZz2oo7O8BWKsFt0r_waULDAc-DbHv-YELHVdt0cE48hruDr6htax1po6hqCGn_Ko38yfrMUzwbuCq7v-H3WU0jAQStCo5CUvkcRSSSlYYXOhnZXTfQW_ZYLScxN2Ke2ZRGPgYRSGOaBgEuIKAEyoBV7gisgqlqxhBxEcRIphg36dLLAkH7NEV8bHHBXJW6O9RtOxs7TA63tohsUPi0WrDa1jWWtct8EGNS6E7h8TdWI-9NA6Jh-l5mLf7Xb6vV983l7QLsuhOAKm4Q-KwEp4MAn-BRIAWK-SHi1JQvEC-RyXlUmJZLoe-dltR_AlH9RZMz1t2IvEok6zJsUOefuV0m7VVultfX_ffTXMs6zkn8beTmqcE5pc42eR1k8Q6va22KYWfyctp_bLf7kqF3k9Xh8TTOn5baXpMhrcfp-CQ3abbJtsdouT5BpNtmvFgm3nnHzPMk58h0m_dJqlj73LLpEOezvjjRfw4da_p5anROfwT_drmh4_37Z4-7Vqb7p7fQ8fbuK1-VPKrVNwO7FlLxgflaqNq1bNyapvF42x3MHpWEgxrgUuh-x6E1cY1bBR6smCcFeJCQLvswbqjnowA9lAu1Dgvrto0YFx7r23x5XLLhO6KL1_FMrDFfxWdGfk3AAD__yDAIaE"; Sep 3 09:48:50.463 [1127566] dbg: rules: ran uri rule __URI_GOOG_STO_IMG ======> got hit: "https://storage.googleapis.com/msgsndr/puCpvEOKXOg4IDjMm7V9/media/95422bcb-b2fd-4301-852d-c268c0d319c2.png"; Sep 3 09:48:50.464 [1127566] dbg: rules: ran uri rule __URI_GOOG_STO_IMG ======> got hit: "https://storage.googleapis.com/msgsndr/puCpvEOKXOg4IDjMm7V9/media/25c1ce98-dabc-4ca8-a347-d6bf252b32f1.png"; Sep 3 09:48:50.464 [1127566] dbg: rules: ran uri rule __URI_GOOG_STO_IMG ======> got hit: "https://storage.googleapis.com/msgsndr/puCpvEOKXOg4IDjMm7V9/media/61de7f5a-55c4-475a-9850-c9a1d1085212.png"; Sep 3 09:48:50.464 [1127566] dbg: rules: ran uri rule __URI_GOOG_STO_IMG ======> got hit: "https://storage.googleapis.com/msgsndr/puCpvEOKXOg4IDjMm7V9/media/e9456934-4d6c-435a-8f58-f0ac8922adbd.png"; Sep 3 09:48:50.464 [1127566] dbg: rules: ran uri rule __URI_GOOG_STO_IMG ======> got hit: "https://storage.googleapis.com/msgsndr/puCpvEOKXOg4IDjMm7V9/media/a8098f03-603c-498b-ab0b-e76940d058fe.png"; Sep 3 09:48:50.464 [1127566] dbg: rules: ran uri rule URI_GOOG_STO_SPAMMY ======> got hit: "https://storage.googleapis.com/msgsndr/"; Sep 3 09:48:50.465 [1127566] dbg: rules: ran uri rule __URI_MAILTO ======> got hit: "mailto:"; Sep 3 09:48:50.465 [1127566] dbg: rules: ran uri rule __URI_MAILTO ======> got hit: "mailto:"; Sep 3 09:48:50.465 [1127566] dbg: rules: ran uri rule __HAS_ANY_URI ======> got hit: "https://"; Sep 3 09:48:50.466 [1127566] dbg: rules: ran uri rule __GOOGLEAPI ======> got hit: "://storage.googleapis.com/" Sep 3 09:48:50.466 [1127566] dbg: rules: ran uri rule __DOS_HAS_ANY_URI ======> got hit: "https://"; Sep 3 09:48:50.466 [1127566] dbg: rules: ran uri rule __LOCAL_PP_NONPPURL ======> got hit: "https://email.reply.peterboroughvets.ca"; Sep 3 09:48:50.466 [1127566] dbg: rules: ran uri rule __HAS_URI ======> got hit: "h" Sep 3 09:48:50.487 [1127566] dbg: rules: ran eval rule __TAG_EXISTS_STYLE ======> got hit (1) Sep 3 09:48:50.490 [1127566] dbg: rules: ran eval rule __TAG_EXISTS_HEAD ======> got hit (1) Sep 3 09:48:50.490 [1127566] dbg: mimeheader: ran rule __ANY_TEXT_ATTACH_DOC ======> got hit: "text/plain" (part 2) Sep 3 09:48:50.492 [1127566] dbg: mimeheader: ran rule __ANY_TEXT_ATTACH ======> got hit: "text/plain" (part 2) Sep 3 09:48:50.503 [1127566] dbg: rules: ran eval rule __HTML_LINK_IMAGE ======> got hit (1) Sep 3 09:48:50.504 [1127566] dbg: rules: ran eval rule __HAVE_BOUNCE_RELAYS ======> got hit (1) Sep 3 09:48:50.505 [1127566] dbg: rules: ran eval rule HTML_MESSAGE ======> got hit (1) Sep 3 09:48:50.505 [1127566] dbg: rules: ran eval rule __TAG_EXISTS_BODY ======> got hit (1) Sep 3 09:48:50.506 [1127566] dbg: rules: ran eval rule __MXG_UNSUB_LINK01 ======> got hit (1) Sep 3 09:48:50.506 [1127566] dbg: rules: ran eval rule __TAG_EXISTS_META ======> got hit (1) Sep 3 09:48:50.508 [1127566] dbg: rules: ran eval rule HTML_IMAGE_RATIO_06 ======> got hit (1) Sep 3 09:48:50.509 [1127566] dbg: mimeheader: ran rule __CT_TEXTPLAIN ======> got hit: "text/plain" (part 2) Sep 3 09:48:50.509 [1127566] dbg: rules: ran eval rule __UPPERCASE_25_50 ======> got hit (1) Sep 3 09:48:50.509 [1127566] dbg: mimeheader: ran rule __TVD_MIME_ATT_TP ======> got hit: "text/plain" (part 2) Sep 3 09:48:50.510 [1127566] dbg: rules: ran eval rule __COMMENT_EXISTS ======> got hit (1) Sep 3 09:48:50.511 [1127566] dbg: rules: ran eval rule __MIME_HTML ======> got hit (1) Sep 3 09:48:50.515 [1127566] dbg: rules: ran eval rule __TAG_EXISTS_HTML ======> got hit (1) Sep 3 09:48:50.550 [1127566] dbg: rules: ran rawbody rule __L_BODY_8BITS ======> got hit: "\x{E2}" Sep 3 09:48:50.552 [1127566] dbg: rules: ran rawbody rule __BUGGED_IMG ======> got hit: "<img Sep 3 09:48:50.555 [1127566] dbg: rules: ran rawbody rule __AC_TINY_FONT ======> got hit: "font-size:1px;" Sep 3 09:48:50.573 [1127566] dbg: rules: ran rawbody rule __HTML_FONT_TINY_01 ======> got hit: "font-size:0px;" Sep 3 09:48:50.579 [1127566] dbg: rules: ran eval rule __MIME_QP ======> got hit (1) Sep 3 09:48:50.579 [1127566] dbg: rules: ran eval rule __MIME_QPC ======> got hit (1) Sep 3 09:48:50.595 [1127566] dbg: rules: ran eval rule __DKIM_DEPENDABLE ======> got hit (1) Sep 3 09:48:50.596 [1127566] dbg: rules: ran meta rule __PDS_QP_1024 ======> got hit (1) Sep 3 09:48:50.599 [1127566] dbg: rules: ran meta rule __NOT_SPOOFED ======> got hit (1) Sep 3 09:48:50.599 [1127566] dbg: rules: ran meta rule __MXG_UNSUB_LINK ======> got hit (1) Sep 3 09:48:50.599 [1127566] dbg: rules: ran meta rule __PDS_QP_128 ======> got hit (1) Sep 3 09:48:50.600 [1127566] dbg: rules: ran meta rule __PDS_QP_512 ======> got hit (1) Sep 3 09:48:50.601 [1127566] dbg: rules: ran meta rule __GOOG_STO_IMG_NOHTML ======> got hit (1) Sep 3 09:48:50.602 [1127566] dbg: rules: ran meta rule __LIST_PARTIAL ======> got hit (1) Sep 3 09:48:50.603 [1127566] dbg: rules: ran meta rule __PDS_QP_64 ======> got hit (1) Sep 3 09:48:50.603 [1127566] dbg: rules: ran meta rule __T_PDS_MSG_512 ======> got hit (1) Sep 3 09:48:50.605 [1127566] dbg: rules: ran meta rule __NOT_A_PERSON ======> got hit (1) -- You are receiving this mail because: You are the assignee for the bug.
![https://storage.googleapis.com/msgsndr/puCpvEOKXOg4IDjMm7V9/media/95422bcb-b2fd-4301-852d-c268c0d319c2.png"](https://storage.googleapis.com/msgsndr/puCpvEOKXOg4IDjMm7V9/media/95422bcb-b2fd-4301-852d-c268c0d319c2.png"){kind=link}
![https://storage.googleapis.com/msgsndr/puCpvEOKXOg4IDjMm7V9/media/25c1ce98-dabc-4ca8-a347-d6bf252b32f1.png"](https://storage.googleapis.com/msgsndr/puCpvEOKXOg4IDjMm7V9/media/25c1ce98-dabc-4ca8-a347-d6bf252b32f1.png"){kind=link}
![https://storage.googleapis.com/msgsndr/puCpvEOKXOg4IDjMm7V9/media/61de7f5a-55c4-475a-9850-c9a1d1085212.png"](https://storage.googleapis.com/msgsndr/puCpvEOKXOg4IDjMm7V9/media/61de7f5a-55c4-475a-9850-c9a1d1085212.png"){kind=link}
![https://storage.googleapis.com/msgsndr/puCpvEOKXOg4IDjMm7V9/media/e9456934-4d6c-435a-8f58-f0ac8922adbd.png"](https://storage.googleapis.com/msgsndr/puCpvEOKXOg4IDjMm7V9/media/e9456934-4d6c-435a-8f58-f0ac8922adbd.png"){kind=link}
![https://storage.googleapis.com/msgsndr/puCpvEOKXOg4IDjMm7V9/media/a8098f03-603c-498b-ab0b-e76940d058fe.png"](https://storage.googleapis.com/msgsndr/puCpvEOKXOg4IDjMm7V9/media/a8098f03-603c-498b-ab0b-e76940d058fe.png"){kind=link}