On Wed, 18 Sep 2019 15:30:46 +0200 Dan Malm wrote: > Ok, I'm pretty sure this is mostly on my end, but I think there are > also some issues with the __NOT_SPOOFED meta rule. > > 1: I was able to reproduce getting the SPOOFED_FREEMAIL locally on my > machine when running spammassassin with the -L parameter. > > 2: The reason (I assume) that I get the rule hit on my servers is this > which I get when I run a manual spamassassin check with debugging > enabled: dbg: dkim: cannot load Mail::DKIM module, DKIM checks > disabled: Can't locate Mail/DKIM/Verifier.pm in @INC (you may need to > install the Mail::DKIM::Verifier module) (@INC contains: lib > /usr/local/lib/perl5/site_perl > /usr/local/lib/perl5/site_perl/mach/5.28 > /usr/local/lib/perl5/5.28/mach /usr/local/lib/perl5/5.28) at > /usr/local/lib/perl5/site_perl/Mail/SpamAssassin/Plugin/DKIM.pm line > 675. > > So, given that the Mail::SpamAssassin::Plugin::DKIM plugin is loaded, > __NOT_SPOOFED will check DKIM_VALID and ignore the -L parameter and > ignore errors with the DKIM validity check.
The rules will work around the DKIM plugin not being loaded by switching to a a simple header test for the signature, but they can't cope with DKIM being otherwise disabled. __NOT_SPOOFED is still checking for SPF_PASS. The rule QA webpage shows results for score set 0 (no net, no Bayes). From other results I've seen, I think this has net plugins loaded, but unused. That means that !__NOT_SPOOFED is unconditionally true, so SPOOFED_FREEMAIL is effectivly then FREEMAIL_FROM && !__FS_SUBJ_RE. The wont reflect the actual results in score set 0/2 with the plugins unloaded or the results in sets 1/3.
