#[1]Top [2]SpamAssassin Actions: [3]Home | [4]New | [5]Search | Find bug # ______ | [6]Reports | [7]Requests | [8]New Account | [9]Log In Bugzilla Bug 4355 [review] qmail received-header parser fails on empty ident in 3.0 Last modified: 2005-05-24 01:08 [10]Search page [11]Enter new bug _________________________________________________________________ Bug#: [12]4355 Hardware: [PC.......] Reporter: [13]Sergey Levashev Product: [Spamassassin] OS: [Linux.......] Add CC: ______________________________ [14]Component: [Libraries.................] Version: [3.0.3...........................] CC: [15]Status: NEW [16]Priority: [P1] [17]Resolution: [18]Severity: [normal.....] [19]Assigned To: SpamAssassin Developer Mailing List [20]Target Milestone: 3.0.4 URL: ____________________________________________________________ Summary: ____________________________________________________________ Status Whiteboard: ____________________________________________________________ [21]Keywords: ____________________________________________________________ Attachment Type Modified Status Actions Submitter/CLA Status [22]patch against 3.0 patch 2005.05.23 23:54 [23]Edit Daryl C. W. O'Shea [HasCLA] [24]Create a New Attachment (proposed patch, testcase, etc.) [25]View All Bug 4355 depends on: ____________________ [26]Show dependency tree [27]Show dependency graph Bug 4355 blocks: ____________________ Additional Comments: ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ (_) Leave as NEW (_) Accept bug (change status to ASSIGNED) (_) Resolve bug, changing [28]resolution to [FIXED.....] (_) Resolve bug, mark it as duplicate of bug # ______ (_) [29]Reassign bug to ________________________________ (_) Reassign bug to owner of selected component Commit [30]View Bug Activity | [31]Format For Printing _________________________________________________________________ [32]Description: Opened: 2005-05-21 03:32 If spamer add string like this: Received: from 82-35-6-77.cable.ubr01.hari.blueyonder.co.uk (@82.35.6.77) by secure.roshan.name with SMTP; 20 May 2005 22:45:07 +0100 we have X-Spam-Status: No, score=2.1 required=8.0 tests=ALL_TRUSTED,DCC_CHECK autolearn=disabled version=3.0.3 if i move (@82.35.6.77) to (82.35.6.77) voila! X-Spam-Status: Yes, score=24.6 required=8.0 tests=DCC_CHECK,HELO_DYNAMIC_HCC, HELO_DYNAMIC_IPADDR2,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL, RCVD_IN_NJABL_DUL,RCVD_IN_NJABL_PROXY,RCVD_IN_SORBS_DUL autolearn=disabled version=3.0.3 ------- Additional Comment [33]#1 From [34]Bob Menschel 2005-05-22 00:47 ------- Sergey -- I tried to reproduce your problem on my system, and it looks like the problem with @ in a received header is already fixed in 3.1. Can you please tes t against a bleeding edge copy of SA to see if the problem goes away for you also ? Thanks. ------- Additional Comment [35]#2 From [36]Sergey Levashev 2005-05-22 21:55 ------- (In reply to [37]comment #1) > Sergey -- I tried to reproduce your problem on my system, and it looks like t he > problem with @ in a received header is already fixed in 3.1. Can you please t est > against a bleeding edge copy of SA to see if the problem goes away for you al so? > Thanks. Ok, but i don't see link to SA 3.1 :-/ ------- Additional Comment [38]#3 From [39]Daryl C. W. O'Shea 2005-05-22 22:08 ------- There are snapshots of the 3.1 development tree here: [40]http://svn.apache.org/snapshots/spamassassin/ Moving to 3.0.4 -- this should be fixed in 3.0 if we're going to do a 3.0.4 release since there have been a LOT of reports about this. ------- Additional Comment [41]#4 From [42]Sergey Levashev 2005-05-23 01:30 ------- (In reply to [43]comment #3) > There are snapshots of the 3.1 development tree here: > [44]http://svn.apache.org/snapshots/spamassassin/ > > Moving to 3.0.4 -- this should be fixed in 3.0 if we're going to do a 3.0.4 > release since there have been a LOT of reports about this. Ok, i have install SA 3.1.0-r170109 and problem with "@" gone, but... May 23 15:22:46 future spamassassin[16443]: config: failed to parse line, skipp ing: rewrite_subject 1 May 23 15:22:46 future spamassassin[16443]: config: failed to parse line, skipp ing: lang ru May 23 15:22:46 future spamassassin[16443]: config: failed to parse line, skipp ing: ok_languages ru en May 23 15:22:46 future spamassassin[16443]: config: failed to parse line, skipp ing: auto_whitelist_path /etc/mail/spamassassin/auto_whitelist May 23 15:22:46 future spamassassin[16443]: config: failed to parse line, skipp ing: auto_learn 0 May 23 15:22:46 future spamassassin[16443]: config: failed to parse line, skipp ing: use_auto_whitelist_0 May 23 15:22:46 future spamassassin[16443]: config: failed to parse line, skipp ing: use_razor2 1 May 23 15:22:46 future spamassassin[16443]: config: failed to parse line, skipp ing: use_dcc 1 May 23 15:22:46 future spamassassin[16443]: config: failed to parse line, skipp ing: use_pyzor 0 what should i do to migrate to 3.1? ------- Additional Comment [45]#5 From [46]Loren Wilton 2005-05-23 03:12 ------- Subject: Re: Spam detect bug > Ok, i have install SA 3.1.0-r170109 and problem with "@" gone, but... skipping: rewrite_subject 1 skipping: lang ru skipping: ok_languages ru > auto_whitelist_path /etc/mail/spamassassin/auto_whitelist skipping: auto_learn > use_auto_whitelist_0 skipping: use_razor2 skipping: use_dcc skipping: use_pyzor > > what should i do to migrate to 3.1? Some of those seem to be old options that should have caused you problems on 3.0, unless you are coming from 2.6x or eariler. You can get the details in the upgrade document, I believe. rewrite_subject is now "rewrite_header Subject ". auto_learn is bayes_auto_learn. Not sure about the lang and ok_languages changes and the whitelist stuff. The razor/dcc/pyzor lines have probably changed in 3.1 since I think most of those moved to plugins. ------- Additional Comment [47]#6 From [48]Sergey Levashev 2005-05-23 03:57 ------- Hm, i think that migrate to 3.1 is no good yet, because 3.1 detects 30 precent of spam (3.0.x detect ~95% and detects ham right with my configuration) and not all mail users (~3000) will be happy if i do this =) local.cf: rewrite_subject 1 report_safe 0 whitelist_from *@alt.ru trusted_networks xxx.xxx.xxx. trusted_networks xxx.xxx.xxx. trusted_networks xxx.xxx.xxx. #clear_trusted_networks #clear_internal_networks internal_networks xxx.xxx.xxx. lang ru ok_languages ru en ok_locales ru en rewrite_header Subject SPAM(_SCORE_) auto_whitelist_path /etc/mail/spamassassin/auto_whitelist bayes_path /etc/mail/spamassassin/bayes bayes_auto_learn 0 auto_learn 0 use_bayes 0 use_bayes_rules 0 use_auto_whitelist 0 use_razor2 1 use_dcc 1 use_pyzor 0 score FROM_ILLEGAL_CHARS 0.5 score HEAD_ILLEGAL_CHARS 0.5 score SUBJ_ILLEGAL_CHARS 1.0 score HTML_FONTCOLOR_RED 3.0 score MIME_HTML_ONLY 2.0 score HTML_FONT_BIG 1.5 score RAZOR2_CF_RANGE_51_100 2.0 score BAYES_99 3 score RCVD_IN_NJABL_DUL 5.5 score URIBL_SBL 3 score RCVD_IN_SORBS_DUL 6.2 score DCC_CHECK 4.9 score RCVD_IN_XBL RBL 8.1 score DNS_FROM_AHBL_RHSBL 8.1 score RAZOR2_CHECK 8.7 #score HTML_FONT_INVISIBLE required_hits 8 ------- Additional Comment [49]#7 From [50]Bob Menschel 2005-05-23 17:29 ------- > Hm, i think that migrate to 3.1 is no good yet, because 3.1 detects 30 precen t of spam (3.0.x detect ~95% and detects ham right with my configuration) and not all mail users (~3000) will be happy if i do this =) I agree, if you're not ready to do the migration, and put up with the problems inherent with a not-even-beta release, then you shouldn't move to 3.1 yet. The problem is fixed in 3.1, but migration from 3.0 to 3.1 is something you wan t to take your time with, read the docs carefully, and with 3000 users do it only after it's a final, official release, with recalculated scores. (The reasons for the lower hit rates are probably due to not yet adjusted rule scores plus your config problems you already reported.) ------- Additional Comment [51]#8 From [52]Theo Van Dinter 2005-05-23 21:28 ------- is there a sample message this issue is occuring with? I can't find a sample i n my corpus. Is this a spammer trying to obfuscate, or just qmail/exim/whatever with a different forma t? ------- Additional Comment [53]#9 From [54]Daryl C. W. O'Shea 2005-05-23 23:15 ------- It only happens when qmail gets an empty string from an ident lookup. Justin fixed this in (trunk) r157208 -- [55]bug 4180. ------- Additional Comment [56]#10 From [57]Daryl C. W. O'Shea 2005-05-23 23:54 ------- [58]Created an attachment (id=2894) [[59]edit] patch against 3.0 ------- Additional Comment [60]#11 From [61]Sergey Levashev 2005-05-24 01:08 ------- (In reply to [62]comment #8) > is there a sample message this issue is occuring with? I can't find a sample in my corpus. Is this a > spammer trying to obfuscate, or just qmail/exim/whatever with a different for mat? Return-Path: <[63]klbnrkq@mcrmail.com> Delivered-To: [64]6-contact@sembacuttiaratchy.com Received: (qmail 19588 invoked from network); 20 May 2005 22:45:07 +0100 Received: from 82-35-6-77.cable.ubr01.hari.blueyonder.co.uk (@82.35.6.77) by secure.roshan.name with SMTP; 20 May 2005 22:45:07 +0100 Language: English X-MIME-Autoconverted: Yes Alternate-Recipient: Allowed Resent-Reply-To: "Marylou" <[65]klbnrkq@mcrmail.com> Reply-To: "Marylou" <[66]klbnrkq@mcrmail.com> From: "Marylou" <[67]klbnrkq@mcrmail.com> To: [68]contact@sembacuttiaratchy.com Subject: Easily earn $925, 879 this year Date: Sat, 21 May 2005 01:39:52 +0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--142-39995-7611-328-538-423" Earn $1000 in the next 24 hours! Work from home - never drive to work again No product to purchase Unlimited income potential You can earn $250,000 in the next 6 to 12 months. Totally automated - No selling. Copy and Paste this link into your browser to make money: mfcpjs.mywealthbiz.info/appl_form_flower.html thank you, Marylou Farris 2816 Central Avenue Richmond, VA _________________________________________________________________ [69]Search page [70]Enter new bug This is Bugzilla: the Mozilla bug system. For more information about what Bugzilla is and what it can do, see [71]bugzilla.org. Actions: [72]Home | [73]New | [74]Search | Find bug # ______ | [75]Reports | [76]Requests | [77]New Account | [78]Log In [79][Sonic.Net logo] Hosted by Sonic.Net References 1. http://bugzilla.spamassassin.org/ 2. http://spamassassin.apache.org/ 3. http://bugzilla.spamassassin.org/ 4. http://bugzilla.spamassassin.org/enter_bug.cgi 5. http://bugzilla.spamassassin.org/query.cgi 6. http://bugzilla.spamassassin.org/report.cgi 7. http://bugzilla.spamassassin.org/request.cgi 8. http://bugzilla.spamassassin.org/createaccount.cgi 9. http://bugzilla.spamassassin.org/query.cgi?GoAheadAndLogIn=1 10. http://bugzilla.spamassassin.org/query.cgi 11. http://bugzilla.spamassassin.org/enter_bug.cgi 12. http://bugzilla.spamassassin.org/show_bug.cgi?id=4355 13. mailto:chek@alt.ru 14. http://bugzilla.spamassassin.org/describecomponents.cgi?product=Spamassassin 15. http://bugzilla.spamassassin.org/page.cgi?id=fields.html#status 16. http://bugzilla.spamassassin.org/page.cgi?id=fields.html#priority 17. http://bugzilla.spamassassin.org/page.cgi?id=fields.html#resolution 18. http://bugzilla.spamassassin.org/page.cgi?id=fields.html#bug_severity 19. http://bugzilla.spamassassin.org/page.cgi?id=fields.html#assigned_to 20. http://wiki.apache.org/spamassassin/UsingBugzilla 21. http://bugzilla.spamassassin.org/describekeywords.cgi 22. http://bugzilla.spamassassin.org/attachment.cgi?id=2894&action=view 23. http://bugzilla.spamassassin.org/attachment.cgi?id=2894&action=edit 24. http://bugzilla.spamassassin.org/attachment.cgi?bugid=4355&action=enter 25. http://bugzilla.spamassassin.org/attachment.cgi?bugid=4355&action=viewall 26. http://bugzilla.spamassassin.org/showdependencytree.cgi?id=4355 27. http://bugzilla.spamassassin.org/showdependencygraph.cgi?id=4355 28. http://bugzilla.spamassassin.org/page.cgi?id=fields.html#resolution 29. http://bugzilla.spamassassin.org/page.cgi?id=fields.html#assigned_to 30. http://bugzilla.spamassassin.org/show_activity.cgi?id=4355 31. http://bugzilla.spamassassin.org/long_list.cgi?buglist=4355 34. mailto:Bob@Menschel.net 36. mailto:chek@alt.ru 37. http://bugzilla.spamassassin.org/show_bug.cgi?id=4355#c1 39. mailto:spamassassin@dostech.ca 40. http://svn.apache.org/snapshots/spamassassin/ 42. mailto:chek@alt.ru 43. http://bugzilla.spamassassin.org/show_bug.cgi?id=4355#c3 44. http://svn.apache.org/snapshots/spamassassin/ 46. mailto:lwilton@earthlink.net 48. mailto:chek@alt.ru 50. mailto:Bob@Menschel.net 52. mailto:felicity@kluge.net 54. mailto:spamassassin@dostech.ca 55. http://bugzilla.spamassassin.org/show_bug.cgi?id=4180 57. mailto:spamassassin@dostech.ca 58. http://bugzilla.spamassassin.org/attachment.cgi?id=2894 59. http://bugzilla.spamassassin.org/attachment.cgi?id=2894&action=edit 61. mailto:chek@alt.ru 62. http://bugzilla.spamassassin.org/show_bug.cgi?id=4355#c8 63. mailto:klbnrkq@mcrmail.com 64. mailto:6-contact@sembacuttiaratchy.com 65. mailto:klbnrkq@mcrmail.com 66. mailto:klbnrkq@mcrmail.com 67. mailto:klbnrkq@mcrmail.com 68. mailto:contact@sembacuttiaratchy.com 69. http://bugzilla.spamassassin.org/query.cgi 70. http://bugzilla.spamassassin.org/enter_bug.cgi 71. http://www.bugzilla.org/ 72. http://bugzilla.spamassassin.org/ 73. http://bugzilla.spamassassin.org/enter_bug.cgi 74. http://bugzilla.spamassassin.org/query.cgi 75. http://bugzilla.spamassassin.org/report.cgi 76. http://bugzilla.spamassassin.org/request.cgi 77. http://bugzilla.spamassassin.org/createaccount.cgi 78. http://bugzilla.spamassassin.org/query.cgi?GoAheadAndLogIn=1 79. http://www.sonic.net/