[opensuse] Problems with false spam
I use kmail together with spamassasin and bogofilter. I get this when bogofilter/spamassasin filters my mail: Content analysis details: (5.6 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 FH_DATE_PAST_20XX The date is grossly in the future. Where do i fix the rule that fouls up? Most mails today are in the range 2000-2099.. So why does it trigger the spam deamon?? /Rikard Johnels
Rikard Johnels wrote:
I use kmail together with spamassasin and bogofilter.
I get this when bogofilter/spamassasin filters my mail:
Content analysis details: (5.6 points, 5.0 required)
pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 FH_DATE_PAST_20XX The date is grossly in the future.
Where do i fix the rule that fouls up?
See https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6269 which I reported on 1.1.2010. The issue is easily fixed locally, but there was also an sa-update out quite quickly. -- Per Jessen, Zürich (9.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Content-ID: <alpine.LSU.2.00.1005151144571.2474@nimrodel.valinor> On Saturday, 2010-05-15 at 10:55 +0200, Per Jessen wrote:
-------------------------------------------------- 2.1 FH_DATE_PAST_20XX The date is grossly in the future.
Where do i fix the rule that fouls up?
See https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6269 which I reported on 1.1.2010. The issue is easily fixed locally, but there was also an sa-update out quite quickly.
This reminds me of another problem: the "DNS_FROM_OPENWHOIS" test should be removed. The RBL is dead: http://www.dnsbl.com/2009/08/status-of-blopen-whoisorg-dead.html And the bug was reported and solved July 2009: Bug 6157 - remove open-whois.org rules since domain is cybersquatted https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6157 But opensuse has not updated its own rules. However, I'm a bit doubtfull if the advice there is correct for us, because it says: To disable this check in your SpamAssassin installation (manually), move or delete the "72_active.cf" file from your rules directory. Where this directory is exactly located is going to depend on your installation. On my friend's Linux installation, the directory path is /etc/mail/spamassassin/rules . That affects a lot of rules, which I don't know if it is correct or not. I have simply commented out the DNS_FROM_OPENWHOIS rule instead. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkvubvgACgkQtTMYHG2NR9WOWQCeKZKjLRRUBHZ4ifmjLOye70LK kasAnAohAoSQ9J2uhlsIxncD4NUdGspx =mIqh -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
That affects a lot of rules, which I don't know if it is correct or not. I have simply commented out the DNS_FROM_OPENWHOIS rule instead.
Alternatively, it can also be disabled by adjusting the score to 0: score DNS_FROM_OPENWHOIS 0 -- Per Jessen, Zürich (9.7°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sat, 2010-05-15 at 14:12 +0200, Per Jessen wrote:
Carlos E. R. wrote:
That affects a lot of rules, which I don't know if it is correct or not. I have simply commented out the DNS_FROM_OPENWHOIS rule instead.
Alternatively, it can also be disabled by adjusting the score to 0:
score DNS_FROM_OPENWHOIS 0
How reliable is OPENWHOIS? They have my primary e-mail account marked as a spammer, and it's causing me a bit of grief on other lists. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Mike McMullin wrote:
On Sat, 2010-05-15 at 14:12 +0200, Per Jessen wrote:
Carlos E. R. wrote:
That affects a lot of rules, which I don't know if it is correct or not. I have simply commented out the DNS_FROM_OPENWHOIS rule instead.
Alternatively, it can also be disabled by adjusting the score to 0:
score DNS_FROM_OPENWHOIS 0
How reliable is OPENWHOIS?
They're not at all. See Carlos' posting. -- Per Jessen, Zürich (8.4°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2010-05-15 at 13:48 -0400, Mike McMullin wrote:
How reliable is OPENWHOIS? They have my primary e-mail account marked as a spammer, and it's causing me a bit of grief on other lists.
Totally unreliable, they have been "cybersquatted", whatever that means. Tell whoever marks your email as spam to remove openwhois tests from their systems. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkvvNZwACgkQtTMYHG2NR9U3EgCfdOlLfVuWcJIfAKsBse1yHGy/ zGkAnj7Qs6yEksdwNrvCn6s5zw1UyrGe =5b7K -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, 2010-05-16 at 02:00 +0200, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Saturday, 2010-05-15 at 13:48 -0400, Mike McMullin wrote:
How reliable is OPENWHOIS? They have my primary e-mail account marked as a spammer, and it's causing me a bit of grief on other lists.
Totally unreliable, they have been "cybersquatted", whatever that means. Tell whoever marks your email as spam to remove openwhois tests from their systems.
I've been trying to get a response from the "list owners", much to no avail, if this remains quiet, I will try individuals marked as list owners from another account. I'm beginning to wonder if the requests aren't just getting marked as spam and ignored, period. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2010-05-16 10:43, Mike McMullin wrote:
On Sun, 2010-05-16 at 02:00 +0200, Carlos E. R. wrote:
I've been trying to get a response from the "list owners", much to no avail, if this remains quiet, I will try individuals marked as list owners from another account. I'm beginning to wonder if the requests aren't just getting marked as spam and ignored, period.
That has happened to me on ocassion. - -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iF4EAREIAAYFAkvwJ9QACgkQja8UbcUWM1wxEAD9EgM6o3dJneoX/pOg7D/YdQau n88vZ061WbivTLPrkWYA/0UutH0FYJmMjFVMFeVya7u8A33PwQkhxwZemQlk/+Mj =NPTA -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2010-05-15 at 14:12 +0200, Per Jessen wrote:
Carlos E. R. wrote:
That affects a lot of rules, which I don't know if it is correct or not. I have simply commented out the DNS_FROM_OPENWHOIS rule instead.
Alternatively, it can also be disabled by adjusting the score to 0:
score DNS_FROM_OPENWHOIS 0
Yes, but the tests are done and take time and resources. If it has to timeout, that's a lot. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkvvOrcACgkQtTMYHG2NR9WJfgCfUsPuwC9BlS5elvzwzcI3hD/j qTMAn0o9l8tV1OmHD2oZSVtyKtxa/r7X =G8fW -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Saturday, 2010-05-15 at 14:12 +0200, Per Jessen wrote:
Carlos E. R. wrote:
That affects a lot of rules, which I don't know if it is correct or not. I have simply commented out the DNS_FROM_OPENWHOIS rule instead.
Alternatively, it can also be disabled by adjusting the score to 0:
score DNS_FROM_OPENWHOIS 0
Yes, but the tests are done and take time and resources. If it has to timeout, that's a lot.
No, that's the whole point - SpamAssassin doesn't not try to run the test when it has a score of 0. -- Per Jessen, Zürich (8.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2010-05-16 09:15, Per Jessen wrote:
Carlos E. R. wrote:
score DNS_FROM_OPENWHOIS 0
Yes, but the tests are done and take time and resources. If it has to timeout, that's a lot.
No, that's the whole point - SpamAssassin doesn't not try to run the test when it has a score of 0.
I don't think so. I have seen emails with tests scoring zero in the report - which means that the test did "hit", then was scored "0" later, which in turn mean the test was actually run. I would have to test this to be sure, but I believe it is. - -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iF4EAREIAAYFAkvwKJ0ACgkQja8UbcUWM1wrjwD/fYp46HzUUBUnbK1F6yoY8DoB JgXq7FR2OUa5+Ta01WkA/jIhH+fVqAT6WW8PvkTvSYIBVcjR7h2hGHZMXykXOlOP =Ukjx -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 2010-05-16 09:15, Per Jessen wrote:
Carlos E. R. wrote:
score DNS_FROM_OPENWHOIS 0
Yes, but the tests are done and take time and resources. If it has to timeout, that's a lot.
No, that's the whole point - SpamAssassin doesn't not try to run the test when it has a score of 0.
I don't think so. I have seen emails with tests scoring zero in the report - which means that the test did "hit", then was scored "0" later, which in turn mean the test was actually run.
I would have to test this to be sure, but I believe it is.
A score of zero in the report means the test gave 0<result<1. Here is a testcase for you: body CARLOS_TESTCASE1 /./ score CARLOS_TESTCASE1 0 -- Per Jessen, Zürich (9.5°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2010-05-16 20:32, Per Jessen wrote:
Carlos E. R. wrote:
A score of zero in the report means the test gave 0<result<1. Here is a testcase for you:
body CARLOS_TESTCASE1 /./ score CARLOS_TESTCASE1 0
The thing is, to give a score, whatever the value, the test has to be run, and match. I don't have SA in this laptop, I can't test. - -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iF4EAREIAAYFAkvwO6AACgkQja8UbcUWM1wJ+wD/eiFEyLukcqKQkGAn3ge8zAMB zwlI90KvMEDO/zAOBDkA/1XfyTRyJa1brV84DspPvZMNGMulAZlgLiBrJm7i2PuY =eZ5W -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 2010-05-16 20:32, Per Jessen wrote:
Carlos E. R. wrote:
A score of zero in the report means the test gave 0<result<1. Here is a testcase for you:
body CARLOS_TESTCASE1 /./ score CARLOS_TESTCASE1 0
The thing is, to give a score, whatever the value, the test has to be run, and match.
The test above will always match, so you will (according to your understanding) always see CARLOS_TESTCASE1 give 0 points. However, tests giving 0 points are not run, so you will never see see the test case above generate any hits. -- Per Jessen, Zürich (9.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Content-ID: <alpine.LSU.2.00.1005162150301.2474@nimrodel.valinor> On Sunday, 2010-05-16 at 20:45 +0200, Per Jessen wrote:
Carlos E. R. wrote:
is a testcase for you:
body CARLOS_TESTCASE1 /./ score CARLOS_TESTCASE1 0
The thing is, to give a score, whatever the value, the test has to be run, and match.
The test above will always match, so you will (according to your understanding) always see CARLOS_TESTCASE1 give 0 points. However, tests giving 0 points are not run, so you will never see see the test case above generate any hits.
I haven't tested your rule, but in my my spam folder I see scores like these: Content analysis details: (13.9 points, 5.0 required) pts rule name description - ---- ---------------------- -------------------------------------------------- ... 0.0 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d another: 0.0 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image another one: 0.0 HTML_IMAGE_RATIO_06 BODY: HTML has a low ratio of text to image area If I see the report, it means that those tests were run and did hit a match, then scored 0.0. Your test example marks a score of "0", not "0.0". Will that be different, perhaps? :-? - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkvwTWUACgkQtTMYHG2NR9Vq6gCgkO+/lSsyTSJh5BovBKjMiYTB oX4An2zboXwlDdFSHApYFWPjlGI5RARe =u/fh -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
I haven't tested your rule, but in my my spam folder I see scores like these:
Content analysis details: (13.9 points, 5.0 required)
pts rule name description - ---- ---------------------- 0.0 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d 0.0 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image 0.0 HTML_IMAGE_RATIO_06 BODY: HTML has a low ratio of text to image area
Like I said earlier - a reported result of 0 only means that 0<score<1. A reported result of 0.0 probably means 0<score<0.1. These are the scores for those rules: score FH_HELO_EQ_D_D_D_D 2.399 0.498 0.561 0.001 score HTML_SHORT_LINK_IMG_2 0.153 0.239 0.001 0.001 score HTML_IMAGE_RATIO_06 0.401 0.001 0.501 0.001 -- Per Jessen, Zürich (9.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sat, 15 May 2010 11:52:48 +0200 (CEST), "Carlos E. R." <robin.listas@telefonica.net> wrote:
But opensuse has not updated its own rules.
If you indeed think there is a problem *please* open a bug report in bugzilla and take pth@suse.de into CC of that bug as I'm interested in its outcome. Philipp -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2010-05-15 at 15:10 +0200, Philipp Thomas wrote:
On Sat, 15 May 2010 11:52:48 +0200 (CEST), "Carlos E. R." wrote:
But opensuse has not updated its own rules.
If you indeed think there is a problem *please* open a bug report in bugzilla and take pth@suse.de into CC of that bug as I'm interested in its outcome.
There should be no need for me or anybody making an official request, but if you insist... [...] Match Failed Bugzilla was unable to make any match at all for one or more of the names and/or email addresses you entered on the previous page. Please go back and try other names or email addresses. CC: ***@suse.de did not match anything Go figure... Using "novell.com" instead. I hope it's the same person. :-) Bug 606231 - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkvvPYoACgkQtTMYHG2NR9UPTgCfVUvq5Kw20K39TjNpaSmme1Hd dlQAn3U3lIuot0meEddpryJHvnY+1NUa =MLA5 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, 16 May 2010 02:34:16 +0200 (CEST), "Carlos E. R." <robin.listas@telefonica.net> wrote:
There should be no need for me or anybody making an official request, but if you insist...
Nobody is perfect and some things might go by unnoticed by the maintainer, so it doesn't harm to file a bug.
CC: ***@suse.de did not match anything
Go figure...
Well, I forgot that novell bugzilla only knows the novell.com address, sorry for that.
Using "novell.com" instead. I hope it's the same person. :-)
Yepp, that's me too ;-) Philipp -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (5)
-
Carlos E. R. -
Mike McMullin -
Per Jessen -
Philipp Thomas -
Rikard Johnels